Amsterdam Business School
The institutionalization of Data Analytics in the Financial Audit:
A case study at a Dutch Big Four firm
Name: Joice Baten
Student number: 10829571
Thesis supervisor: Dhr. prof. dr. B.G.D. (Brendan) O'Dwyer Date: 1 June 2016
Word count: 20451, 0
MSc Accountancy & Control, specialization Control
Statement of Originality
This document is written by student Joice Baten who declares to take full responsibility for the contents of this document.
I declare that the text and the work presented in this document is original and that no sources other than those mentioned in the text and its references have been used in creating it.
The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.
Abstract
To develop a better understanding about the institutionalization of innovations in the accounting field, this study aims to answer to what extent Data Analytics has been institutionalised as part of the financial audit, and why it is in its current state. This thesis puts the integration of Data Analytics in the financial audit under the theoretical lens of institutional work. This framework developed by Lawrence and Suddaby (2006) is used to gain an understanding of how actors influence organizational institutionalism. Through a case study at a Dutch Big Four firm insight has been gained with regards to the institutionalisation of Data Analytics. After detailed analysis on interviews conducted at the Big Four firm, and correlating this analysis with the theory, the conclusion could be drawn that Data Analytics has not yet been institutionalised in the financial audit, and that this is most likely caused by the size of such an integration and interference from external authoritative actors.
Contents
1 Introduction ... 8
1.1 Background information ... 8
1.1.1 Impact of Data Analytics ... 8
1.1.2 Concept of Data Analytics ... 9
1.2 Research focus and research question ... 9
1.3 Research contribution ... 10
1.4 Paper structure ... 10
2 Theory ... 11
2.1 Institutional work ... 11
2.2 Extensive description of the institutional work framework ... 12
2.2.1 Creating institutions ... 12 2.2.2 Maintaining institutions ... 16 2.2.3 Disrupting institutions ... 18 3 Methodology ... 20 3.1 Research setting ... 20 3.2 Data collection ... 20 3.3 Data processing ... 22 3.4 Data Analysis ... 23 4 Descriptive analysis ... 27
4.1 Definition of Data Analytics ... 27
4.2 Change and conservation ... 27
4.2.1 The financial audit approach ... 27
4.2.2 Time line of the financial audit... 29
4.2.3 The application of Data Analytics ... 29
4.2.5 Data availability ... 30
4.2.6 Data extraction and data preparation ... 31
4.2.7 Kind of analysis ... 31 4.2.8 Tools ... 31 4.2.9 Expectations ... 33 4.2.10 Mind set ... 33 4.2.11 Knowledge ... 34 4.2.12 Education ... 35 4.2.13 Structure ... 36 4.2.14 Methodology... 36
4.2.15 Procedures and standards ... 37
4.2.16 Guidance ... 38
4.3 Strategies ... 38
4.3.1 Coercive strategy ... 38
4.3.2 Open-ended approach ... 39
4.3.3 Top down approach ... 40
4.3.4 Bottom up approach ... 40
4.3.5 Step by step approach ... 40
4.3.6 Communication ... 41
4.3.7 Social connections ... 42
4.3.8 Standardization ... 42
4.3.9 Knowledge preservation and diffusion ... 42
4.3.10 Provide support ... 43
4.3.11 Best practices ... 43
4.3.12 Coordination and structure changes... 43
4.4 Influence of roles ... 44
4.4.1 Regulator ... 44
4.4.2 Partner ... 44
4.4.3 Data Analytics Department of Assurance and IT audit department ... 45
4.4.4 Financial audit team and their members ... 45
4.4.5 Regional Data Analytic coordinator ... 46
4.4.6 Data Analytic coaches ... 46
4.4.7 Assurance Management Team of the Netherlands ... 46
4.4.8 Global leaders ... 46
4.4.9 The Advisory pillar ... 47
4.4.10 The professional practice department ... 47
4.4.11 The market (clients) and the financial service sector ... 47
4.5 Motives driving actions ... 47
4.5.1 Personal motives ... 47
4.5.2 Experiences ... 48
4.5.3 Mindset ... 48
4.5.4 Knowledge and skills ... 49
4.5.5 Workload ... 49
4.5.6 Quality and efficiency ... 49
4.5.7 Methodology, procedures and standards ... 50
4.5.8 (Mis)communication ... 50
4.5.9 Innovation of the tools and techniques ... 50
4.5.10 Coordination and organizational structure ... 51
4.5.11 Political interest ... 51
5 Discussion ... 52
6.1 Conclusions ... 55
6.2 Potential limitations and suggestions for future research ... 55
6.2.1 Limitations ... 55
6.2.2 Ideas for future research ... 56
References ... 57
1 Introduction
In this chapter an introduction to the research is provided. In the first paragraph, 1.1, the background information is detailed. In paragraph 1.2 the focus of the research and its research questions are introduced. In 1.3 the contribution of this research is defined. And in 1.4 the general document structure is explained.
1.1 Background information
The last decade much effort has been put into improving the quality of audits in order to restore the image of public accounting firms after it was damaged by several accounting scandals. Auditors give their unqualified opinion, which states that the financial statements present a fair and accurate picture of the organization. With this auditor's opinion, the auditor argues that he or she is convinced of the accuracy of the accounting information. This conviction is partially based on the samples taken during the audit process (Felix & Kinney, 1982). Research by Broeze (2006) showed that auditors rely too much on subjective risk analyses and furthermore have too little understanding of basic statistical principals. This suggests that the auditor’s opinion is not reliable, because of the lack of knowledge on statistical analytics. In different fields dedicated data analytic tools are used to fill the holes in statistical analytical knowledge (Earley, 2015).
According to Earley (2015) public accounting firms are investing in their consultancy divisions to answer the growing demand in the field of Data Analytics. Despite the increased use of Data Analytics in their consulting processes, the accounting firms barely use it in their own auditing processes, which is supposedly their main field of work (Earley, 2015). Previous research claimed that replacing samples with Data Analytics potentially gives an absolute assurance of the accuracy of a significant part of the accounting information. Through this innovation, public accounting firms could improve their competitive advantage by increasing the efficiency of the audit process (Bhimani & Willcocks, 2014; Dowling & Leech, 2014). Even though previous literature shows how Data Analytics is implemented in organizations’ accounting information systems (Dowling & Leech, 2014; Wagnera, Moll, & Newellc, 2011), there is a lack of research on the use of Data Analytics during financial audits of public accountancy firms.
1.1.1 Impact of Data Analytics
According to Chan and Vasarhelyi (2011) intensifying the application of Data Analytics will also result in changes in the role of auditors. Regardless of the extent in which Data Analytics is utilized, the automation of some manual audit procedures reduces labour and time intensiveness and contributes to the efficiency of the overall audit. In order for automated audit procedures to be
effective, standardization of data collection and formalization of internal control policies is necessary. If the data entered into the accounting system is not standardized, the auditor would have to manually clean the data before automated audit procedures can be performed. The tedious process of manual data cleaning will partially offset the benefits and efficiencies of automated audit procedures. Furthermore, internal control policies within a company should be well defined or formalized in order to support automated monitoring of internal control violations. Chan and Vasarhelyi (2011) claimed that standardized data and formalized internal control policies will allow automated audit procedures to run seamlessly with limited or no auditor intervention (Chan & Vasarhelyi, 2011).
1.1.2 Concept of Data Analytics
In the field of financial audits there is no clear definition of Data Analytics. It is hard to determine where it starts and where it ends. Asking different people portraying different functions results in varying and often indefinite answers. The definition seems to be determined by a large number of factors and it relies on how the different forms of Data Analytics are being used by the person that defines it. Data analytics can either be treated as a concept, or as a collective noun for all techniques or tools that are used to analyse data. Even within the same professional accounting firm the definition seems to vary depending on who is asked. In 2015, during the annual symposium of the Centre for Audit Quality (CAQ)1, experts in the financial audit field tried to
clarify this concept as well, even those specialists were not able to give an explicit definitions in words. Leaders of the Big Four still used to give examples to clarify their perspective on Data Analytics as a collective noun for a vast amount of techniques. If the definition of Data Analytics varies within one organisation, or even within one department, could it be that Data Analytics has not yet been institutionalised in the processes of an organisation?
1.2 Research focus and research question
To be able to fully integrate Data Analytics in audits it is important to examine the role of actors that are involved in the process of utilizing this technology in audits. At this moment there is a lack of academic research examining how Data Analytics is used in accounting and how the position of this innovation in the field of accounting. Before it is possible to give a detailed answer how auditors influence the use of Data Analytics it is therefore important to examine, who is
1The CAQ is an autonomous, nonpartisan, non-profit group affiliated with the American
involved in this process, in which ways Data Analytic techniques and tools are already being used, and why use may be limited. The main questions of this research are: To which extent is Data Analytics been institutionalized in the financial audit of professional audit firms and why is it in the state it is currently in?
1.3 Research contribution
The contribution of this examination is to gain a better understanding of the interaction between the social and technological aspects of integrating Data Analytics in an audit process. By gaining insight in this interaction it could become clear why Data Analytics is not yet being used intensively in audits. Furthermore, these insights results in a start point to examine what is a successful way of institutionalization of Data Analytics in the audit process.
This research also contributes to the theory regarding Institutional Work. As is stated in the theoretical framework it is an empirical research that contributes to this theory. Institutional work is at the same time also very well suited for this research because "an institutional work perspective attends more closely to practice and process than to outcome—asking 'why' and 'how' rather than 'what' and 'when.'"
1.4 Paper structure
The remainder of this paper is structured as follows. In the next chapter the theoretical framework of Lawrence and Suddaby (2006) is extensively described. This chapter starts with an introduction of institutional work and its position within institutionalism. After that the different forms of institutional work are further explained.
Chapter 3 consists of the description of the research methodology. The first section describes the empirical research setting. In the following three sections the data collection, data processing and data analysis are clarified.
In chapter 4 the descriptive analysis has been elaborated and divided into five sections which represent the primary themes of the coding scheme.
Chapter 5 is the discussion chapter were links are made between the theoretical framework of institutional work and the descriptive analysis.
The last chapter, chapter 6, contains the conclusion and the potential limitations and suggestions for future research.
2 Theory
In this chapter the theory, used as preparation the empirical part of this research and to interpret the results, is defined. Institutionalism knows multiple forms and directions of research. In paragraph 2.1 it is clarified why the form of institutional work is fit for this research. Then in paragraph 2.2 the framework is extensively discussed.
2.1 Institutional work
Cohen et al. (1979) argue that organizational structures tend to change in accordance with changes in work technology. Technology embodies the materials, procedures and knowledge that the organization uses to continue its work. The structure that changes due to new technologies refers to the types of hierarchical and collaborative relationships among organizational participants (Cohen, Deal, Meyer, & Scott, 1979). The use of Data Analytics during audits could be classified as a new technology which may change the structure in professional audit firms. Institutional work is extensively used in accounting research to understand organizational changes (Currie, Lockett, Finn, Martin, & Waring, 2012; Bjerregaard, 2011; Hayne & Free, 2014; Micelotta & Washington, 2013)
Previous studies concluded that the way organizational institutionalism is interpreted has changed over time (Bjerregaard, 2011; Lawrence & Suddaby, 2006). According to Bjerregaard (2011) institutional work is introduced by a study of Lawrence and Suddaby (2006) and resulted in a new research stream in organizational institutionalism. Institutional work provides a framework which emphasizes the role of individuals in institutions (Bjerregaard, 2011; Lawrence & Suddaby, 2006; Lawrence, Suddaby, & Leca, 2011). Bjerregaard (2011) clarify that entities can be surrounded by more than one institutional context. Organizational change can occur at various levels: local, regional, national and transnational. Interference can occur horizontally due to activities in the field. These are important elements to understand in order to analyse the institutionalisation of an innovation. (Bjerregaard, 2011). In the new interpretation of institutionalism the emphasize is shifted towards the social elements. As this research looks into the influence of actors in the institutionalisation of Data Analytics in the audit, this emphasis on social elements provides additional insights in to why the institutionalisation is in its current state.
Research by Lawrence and Suddaby (2006) argues that previous institutional studies emphasized the processes through which institutions govern actions where in more recent institutional studies the focus is on understanding the role of actors in effecting, transforming and maintaining institutions and fields (Lawrence & Suddaby, 2006). Lawrence and Suddaby (2006)
assemble their findings in what they call institutional work. “Institutional work is the purposive action of individuals and organizations aimed at creating, maintaining and disrupting institutions” (Lawrence & Suddaby, 2006, p. 215).
The new emphasis has come to be as the role of actors in creating new institutions was recognised. When actors have enough resources they will have a huge influence in arising institutions (Lawrence & Suddaby, 2006; Lawrence, Suddaby, & Leca, 2011). The aforementioned recognition is supplemented with the recognition that influential actors can transform and disrupt existing institutions and fields. Later on the role of actors in maintaining institutions also was recognized. The moment an institution is created, it is not given that they will persist over time. The previously legitimated organizational actions could fail in reproduction once these are delegitimized (Oliver, 1992; Lawrence & Suddaby, 2006).
Institutional work embodies three key elements. Firstly, it highlights the awareness, skill and reflexivity of individual and collective actors. Actors do not simply adopt the “taken-for-granted” assumption of institutions (Lawrence & Suddaby, 2006). The second element shows that institutions exist through deliberate actions of actors. This implies that the perspective of an institution depends on the actions actors engage in that on the one hand, maintain, and, on the other, create new and disrupt existing institutions. The last key element of institutional work shows that the actors’ actions occur within sets of institutionalized rules, even if they are aimed at changing the institution. This suggests that institutional innovations depend on sets of resources and skills associated with the field in which they occur (Lawrence & Suddaby, 2006, p. 220).
2.2 Extensive description of the institutional work framework
Lawrence and Suddaby (2006) describe creating, maintaining, and disrupting institutions as a rough life-cycle. For each of the 3 stages of the life cycle several sets of practices could be identified. These will be explained in detail below.
2.2.1 Creating institutions
With regards to creating institutions, Lawrence and Suddaby (2006) have, through empirical research, defined a list of ten sets of practices, which seem to reflect three distinguishable categories. In the next 3 sections each of the categories will be extensively covered.
Advocacy, defining and vesting
The first category of practices involved in creating institutions include three categories of activities: ‘advocacy’ ‘defining’, and ‘vesting’. These activities relate to the political steps actors undertake to redefine rules, property rights and boundaries with regards to material resource access (Lawrence & Suddaby, 2006, p. 221).
Advocacy is the process of gaining political and regulatory support by means of purposeful
persuasion (Lawrence & Suddaby, 2006, p. 221). Lawrence and Suddaby (2006) argue that the object of this persuasion is to “redefine the allocation of material resources or social and political capital needed to create new institutional structures and practices” (Lawrence & Suddaby, 2006; p. 222). Initially actors that lack the authority to effect new institutions gain the legitimacy to do so. Different forms of advocacy enable these actors to alter their institutional environment and obtain supposititious legitimacy. Lawrence and Suddaby (2006) argue that advocacy, when used effectively, can determine which norms are followed and which may be violated. The determination and violation of norms are key elements within the perceived legitimacy of new institutions.
Lawrence and Suddaby (2006) describe defining as “the construction of rule systems that confer status or identity, define boundaries of membership or create status hierarchies within a field”. This embodies the elements of standard creation and actor certification. Through defining work actors create 'constitutive rules' which enable institutional action rather than constrain it (Lawrence & Suddaby, 2006; p.222).
Vesting is the creation of rule structures that confer property rights. According to Lawrence
and Suddaby (2006) a common element of vesting is a coercive authority and an interested actor trying to define a so called 'regulative bargain'. Vesting will always be accompanied by the need to share regulatory authority. Vesting work has the ability to create new actors and new field dynamics. Lawrence and Suddaby (2006) emphasize that the state is not the only actor with coercive or regulatory authority.
Advocacy, defining, and vesting could strengthen each other. The three rule-based practices
contribute to the ability of this kind of institutional work to open up large-scale reconstruction of institutions or institutional structures and practices (Lawrence & Suddaby, 2006, p. 223). According to Lawrence and Suddaby (2006) the key to creating institutions is creating rules and incentives, both positive and negative, that enforce those rules. The ability to do so comes with the role that a select few actors have, usually limited to the state or another professional body, but an actor can also establish such a position based on the resource dependency of others (Lawrence
& Suddaby, 2006; p. 228). Especially vesting and defining are well suited to enforce institutionalisation if the actor in question has the authority to do so.
Constructing identities, changing normative associations and constructing normative networks
The second category of practices recognized by Lawrence and Suddaby (2006) refers to three different types of interactions that provide the basis for forming new institutions, by altering the actors' belief systems (Lawrence & Suddaby, 2006; p.225). This category of practices contains ‘constructing identities’, ‘changing normative associations’, and ‘constructing normative networks’.
According to Lawrence and Suddaby (2006) the construction of identities is central to the creation of institutions, as identities describe how an actor and his associated field are related. The construction of the identities can be triggered from both in- and outside of the professional group, and primarily applies to new professionals, or existing one that are transformed. (Lawrence & Suddaby, 2006). This emphasizes the importance of collective action in accomplishing the construction of identities as a form of normative institutional work (Lawrence & Suddaby, 2006).
Changing normative associations is the re-defining of the connections between sets of practices
and the moral and cultural foundations they are built upon. Lawrence and Suddaby (2006) argue that this often results in new institutions which do not directly challenge the pre-existing ones, but rather support them, while at the same time leading actors to question them. This kind of institutional work involves the manipulation of the relation between norms and the institutional fields that they emerged from.
Lawrence and Suddaby (2006) show the ability of normative networks, which are inter-organizational connections, to normatively sanction practices. These normative networks also have the power to provide normative compliance, monitoring and evaluation of these practices.
Construction normative networks brings diverse actors of formerly dissociated coalitions together.
Through this, the newly formed group can affect new institutions. Most of the time this happens parallel to pre-existing institutional activities and structures. Thus, “constructing normative networks alters the relationship between actors in a field by changing the normative assumptions that connect them” (Lawrence & Suddaby, 2006; p. 225).
Constructing identities, changing normative associations, and constructing normative networks all focus on
the roles, values and norms that are associated with an institution, and the institutionalised rules created are complement or parallel to the established institution. Three types of interactions can be observed from these forms of normative work: actor-field, norm-field and actor-actor
respectively. The foundation for normative work depends on a collection of actors that share cultural and moral views, giving them force. This is why constructing normative networks is important, and it provides these collections with the force needed. The power of the collective effort also comes back in constructing identities, as the construction of a new identity depends on the willingness of others to endorse this identity. Through constructing a new identity it is possible that the actor obtains a role that allows rule-based creation of institutes (Lawrence & Suddaby, 2006; p. 228). The key to normative work succeeding is not diverging too much, as a conflict within a collective will reduce its force, allowing another actor to take over. Contrary to rule-based institutional work, normative work depends more on the actors' perceived influence rather than on the recognised authority and material resources that they have (Lawrence & Suddaby, 2006).
Mimicry, theorizing and educating
Lawrence and Suddaby (2006) define the last category of practices with regards to creating institutions as “actions designed to alter abstract categorizations in which the boundaries of meaning systems are altered” (Lawrence & Suddaby, 2006; p.221). This category of practices consist of ‘mimicry’, ‘theorizing’, and ‘educating’ and focuses on the cognitive side of institutions. This cognitive side contains “the beliefs, assumptions and frames that inform action by providing meaningful and understandable interaction patterns to be followed” (Lawrence & Suddaby, 2006; p. 228).
Mimicry is the work of associating new practices and structured with an existing institutional
element in order to empower them (Lawrence & Suddaby, 2006; p.228). Lawrence and Suddaby (2006) argue that already existing institutional elements can be used in the process of creating a new institution if the association between the old and the new eases adoption. The contrast between old and new templates can make the new structure clear and accessible, while highlighting inadequacies of past practices at the same time.
“Theorizing develops concepts and beliefs that can support new institutions” (Lawrence &
Suddaby, 2006; p.228). Lawrence and Suddaby (2006) emphasize the importance of naming of new concepts and practices. With naming they might become cognitively associated with the field, and it forms the basis for further theorizing.
“Educating provides actors with the knowledge necessary to engage in new practices or interact with new structures” (Lawrence & Suddaby, 2006; p.228). New institutions often come with new information, and to support this information, additional skills and knowledge might be necessary. These skills and knowledge can be provided by educating.
Mimicry, theorizing and educating are mainly concerned with providing clear and easy patterns
to follow based on beliefs, assumptions and frames. They embody alternatives that actors can tap into to avoid the effort and risk of isolated innovations. Institutional work based on altering abstract meaning can still concern big, major or integrated actors, but at the same time it is the best option for less powerful actors, especially through means of mimicry to create institutions. Mimicry allows actor without an established authority in the field that use the existing institution to institutionalise a new version of the existing practices, rules and technologies. Theorizing and educating usually applies to more significant actors that have the resources and the legitimacy to impose the ways of the institution onto others. In some cases less significant actors can apply theorizing and educating through means of cooperation, where by working together they gain the authority that is needed to extend or elaborate the current institution. As these forms of institutional work depend on the established institution it is important to emphasize the elements that didn't change as well as the new features in order to ensure institutionalisation of the innovation, regardless how much of a breakthrough the innovation might be (Lawrence & Suddaby, 2006; p 229).
2.2.2 Maintaining institutions
According to Lawrence and Suddaby (2006) most institutions do not have the power to automatically reproduce itself over time. They emphasise that in order to continue institutions a lot of 'maintaining institutional work' has to be done. Lawrence and Suddaby (2006) describe maintaining institutional work as “supporting, repairing or recreating social mechanisms that ensure compliance” (Lawrence & Suddaby, 2006, p. 230). Maintaining institutions is supported by two categories of practices.
Enabling, policing and deterring
The first category is aimed at conserving the rule systems and consists of ‘enabling’, ‘policing’ and ‘deterring’.
Enabling work creates rules to, as the name suggests, enable institutions, through means of
facilitation, supplementation and support. This is often accompanied by, on the one hand, giving authorization to certain actors, or establishing other roles in order to maintain routines, and on the other hand, by rearranging the required resources to ensure continuation of the institution (Lawrence & Suddaby, 2006, p. 230). . Authorized agents can create binding rules with regards to
membership, standards or identity, which can promote the creation, destruction, or replication of similar behaviour in a domain (Lawrence & Suddaby, 2006, p. 231).
The preservation of an institution through enforcement, auditing and monitoring is called
policing. Policing incorporates sanctions and incentives which are commonly used together and by
the same entities (Lawrence & Suddaby, 2006). Lawrence and Suddaby (2006) argue that enforcement is not necessary in professionalized fields, where after instantiating auditing and monitoring, compliance is generally ensured (Lawrence & Suddaby, 2006).
The last form of institutional work regarding the compliance to rules is deterrence. Deterrence is “establishing coercive barriers to institutional change which involves the threat of coercion to inculcate the conscious obedience of institutional actors” (Lawrence & Suddaby, 2006, p. 232). How effective deterrence is mainly depends on the level of authority of the coercive agent, also economic threats can influence deterrence.
The three forms of institutional work described above take care of the preservation of the institution through rewards and sanctions related to how well conformity to the institution is achieved. (Lawrence & Suddaby, 2006, p. 232). Without rule-based maintaining work, institutional control will lose their self-regulating power due to the lesser value associated to the coercive foundations, causing institutions to stop (Lawrence & Suddaby, 2006).
Valorising and demonizing, mythologizing and embedding and routinizing
The second category exists of ‘valorising/demonizing’, ‘mythologizing’, and ‘embedding and routinizing’ and embodies the works that maintain by means of recreating existing norms and belief systems.
Through valorising and demonizing work, the foundations of institutions can be strengthened or weakened by giving especially positive and especially negative examples which demonstrates the institutionalized foundations and the morals of the actors involved (Lawrence & Suddaby, 2006, p. 232).
Mythologizing the history of the institutions makes sure that the normative foundation of
these institutions is preserved (Lawrence & Suddaby, 2006).
Valorising, demonizing and mythologizing provide potentially erratic resources (Lawrence & Suddaby, 2006).
Embedding and routinizing “involves actively infusing the normative foundations of an
institution into the participants’ day-to-day routines and organizational practices” (Lawrence & Suddaby, 2006, p. 233). By ingraining practices into routines, they will be reproduced long after people have forgotten about its original purpose. The routines feel safe to the members and as such they will continue them ritually (Lawrence & Suddaby, 2006).
Much like in creating work, the rule-based institutional work in maintaining work is more visible than the normative-based work. The actors who engage in or comply with normative work to maintain institutions are conscious of the effects of these actions and its purpose in maintaining and preserving institutions (Lawrence & Suddaby, 2006). The actors involved in rule-based maintaining work are aware of its purpose and influence (Lawrence & Suddaby, 2006, p. 234), where it is generally harder to comprehend the re-instantiation of norms and beliefs systems, which is why those involved in normative-based maintaining work are generally unaware of the purpose or their actions with regards to the purpose.
2.2.3 Disrupting institutions
Very often there will be actors don't associate with an existing institution, and who will work to undermine the existing institutions. Lawrence and Suddaby (2006) state that it has not been established whether disruption always occurs directly, or also indirectly through the creation of new institutions. Regardless of this, they describe three forms of institutional work aimed at disrupting established institutions, which are ‘disconnecting sanctions and rewards’, ‘disassociating moral foundations’, and ‘undermining assumptions and beliefs’ (Lawrence & Suddaby, 2006).
The most effective way of disconnecting sanctions and rewards is through an entity that has authoritative judgement, as said judgement can directly undermine the former powerful position of an established institution (Lawrence & Suddaby, 2006, p. 235). If this way of disrupting cannot be applied for whatever reason, another way is to use the state actor to directly disrupt the foundations of the established institution. The state is capable of completely redefining the concepts the institution is based upon, undermining its strength. The disconnection of sanctions and rewards can cause a change in actors and their relationship, as the concepts of the institute are changed. Disruption by means of removing sanctions and rewards is easier to achieve if other important stakeholders see the need to induce a transferral of power (Lawrence & Suddaby, 2006, p. 236). Lawrence and Suddaby (2006) argue that where in the process of maintaining institutions the state and the professionals are often working together, they might end up working against each other in the process of disrupting institutions (Lawrence & Suddaby, 2006, p. 236).
Disassociating moral foundations is defined as “disassociating the practice, rule or technology
from its moral foundation as appropriate within a specific cultural context” (Lawrence & Suddaby, 2006, p. 236). This type of institutional work depends on slowly disrupting the normative foundation of an institution rather than a direct overthrow of the establishment. This approach is used most often by the elite, actors that have enough prestige in the field to justify being different The undermining of assumptions and beliefs is the last category of disrupting work. This type depends on invalidating the presumed effects associated with a change in the established institution. Lawrence & Suddaby (2006) found only limited research about this kind of institutional work, yet were able to distinguish two categories: breaking of existing institutional assumptions by innovation, and the gradual undermining of existing institutional assumptions through contrasting practices (Lawrence & Suddaby, 2006, p. 237), so either by coming up with an innovation that overrides a currently established rule or assumption, or by slowly proving an institutionalised concept wrong.
Very little is known on the disruption of institution, and most of what is known comes from the creation of new institutions, and not from directly and purposefully taking actions to undermine an existing one. Disrupting work can generally only be used by those actors that have advanced understanding of the field and the institutions, with the exception of disrupting through undermining beliefs and assumptions, in which case an actor working in innovative and potentially contrasting was suffices (Lawrence & Suddaby, 2006).
3 Methodology
The following four sections provide insight in the methodology of the research. First, in 3.1, the research setting is introduced and explained. In 3.2, the process of obtaining and preparing the data for initial processing is described. Thereafter, in 3.3, the steps of extracting information from the data in order to build an open coding schema are explained, after which, in 3.4, it is clarified what this schema looks like and it is used to analyse the data in order to obtain results.
3.1 Research setting
There is a lack of in depth research regarding the integration of Data Analytics in financial audits and therefore only limited understanding of this innovation in the field of accounting exists. To gain more insight in this development, the decision has been made to perform a case study at a Big Four accountancy firm in the Netherlands. Through means of a thesis internship the possibility was opened to conduct semi structured interviews with noteworthy actors in this change process. In order to perform a case study, it is important to have proper access to information sources related to the case. This was achieved through a thesis internship which opened up the possibility to conduct semi structured interviews with several noteworthy actors in the change process. The decision to do the case study at a Big Four company, rather than at a non-Big Four firm, was made because in general they are the leaders of the accounting market, and are most likely the best representatives of the changes occurring in the field of accounting.
To confine the available information to the parts relevant to Data Analytics, as this is the focus of the research, the internship was performed in a section that is in charge of Data Analytics focused on financial audit.
3.2 Data collection
As not everyone at the office is a key actor for this research it was important to limit the population to those that either have influence in the process of using data analytics, or those that are being influenced by the use of data analytics in financial audits. To be able to decide who to involve and who to leave out the first step was to understand the internal hierarchy.
After gaining more insight in the internals of the organization, the next step was to select the individuals to be interviewed. The main constraint was that they had to be available to be interviewed, which was not straightforward for all of them. The other criteria was that they interviewees should embody different positions in the chain of command, in order to get insights
from various perspectives. Even though setting up interviews was not always easy, most of the interviewed people were easily addressable, but due to the limited amount of time to perform the research, the number of people interviewed had to be limited. In the end 12 people were interviewed (see table 1 in the appendix): 3 Senior Staff members from Financial Audit, 2 Region Coordinators of Data Analytics Integration in Financial Audits, 1 Manager, 3 Senior Managers, 2 Executive Directors, and 1 IT Specialist, who works for a Mid Four company. The decision to interview the IT Specialist was made in order to gain a better understanding of the usage of data analytics in Financial Audits. This interview also helped in improving the quality of following interviews, mainly due to the increased background knowledge of data analytics.
The financial auditors, interviewees A1, A2, and A3, have been interviewed because they barely have any influence in the decision to integrate Data Analytics or not, but they are the people most influenced by the decision. The choice for senior staff members among those auditors has been made as they are the most influential members of the financial audit teams because they, amongst others, decide upon the audit approach. They do not have a say in the official decisions like the actual integration, but they fulfil an important role in establishing the audit procedure on client level.
The firm in question consists of several different regions where each region has been assigned a coordinator who is in charge of the integration of Data Analytics. The two interviewed coordinators, respondents B1 and B2, have been selected based on their regions' performance record of successful data analytics engagements in financial audits, as reported through management reports. Their associated regions were the best performing regions.
The two senior managers are both key actors in the process of integrating Data Analytics, having professional roots in the IT audit and also being familiar with Data Analytics. They have only just recently made the transition to the Data Analysis team within Assurance. Before that interviewee B4 has spent some time on a global project contributing to a new tool with the purpose of standardising data analyses. Respondent B4 has applied Data Analytics on mostly Advisory clients, and also experience with customised analysis. Interviewee B5's experience is not just limited to IT Audit, having started his career as a financial auditor. Other than that interviewee B5 is part of team to increase the scale of the usage of Data Analytics.
Respondent B3, the manager, has a background in financial audit and Data Analytics, and like interviewee B4, spent an extended period of time on a global project to develop a tool to standardise data analyses.
The executive directors, interviewees B6 and C1, both had a management function at the time Data Analytics started gaining more attention, several years ago. This makes them a valuable source of information on the transition of the focus in the direction of Data Analytics, which started years ago. They also can provide more insight in the difference between the past and the present.
As a member of the Professional Practice Department, responsible for the integration of global methodology in financial audits, respondent D1 is closely involved in the integration of Data Analytics.
Firstly the interviewees were approached in person. If no prior acquaintance had been made, the initial contact was arranged through a mutual connection. After a verbal agreement to conduct an interview, an invitation through mail followed. In this mail it was stated again that the interviewee verbally agreed to an interview on Data Analytics, and the person to be interviewed was also informed that no preparation had to be done.
As a result of some of the interviews, the respondents provided a number of documents that proved to be useful for the research. These documents were: A presentation on Data Analytics, a validation memo, the roadmap for national integration, and management reports. However, due to the confidentiality of the documents in question they are not publically available.
At the start of each interview the interviewee was asked whether they consented with having the interview recorded. This so that the interviews could be transcribed in full, provided back to the respondent, reviewed, and afterwards used for data collection. Each of the people in question agreed with this procedure.
Due to fact that the interviewees were all native Dutch speakers, the interviews have been conducted and transcribed in Dutch.
3.3 Data processing
After having the transcriptions validated by the respondents, the relevant quotes have been extracted, and have been carefully translated to English, trying to retain the meaning and underlying tone in the process. Through these steps a data set has been obtained that is suited for the initial open coding and that is usable for the research. All marked quotes from the transcriptions have been put in Excel, and after repeatedly reading through the statements the decision was made to adjust the initial sub topics. Upon assigning codes to the quotes, the codes were re-evaluated, as during coding it became apparent that some codes were overlapping. For example, there was a sub topic 'motive driven by authority' and 'motive driven by role', and it
turned out that the first one could be merged into the second one, as one's authority is directly dependent on their role.
3.4 Data Analysis
Taking into account the research question and after going through several revisions of the coding table it was possible to come up with five key topics, or primary themes.
The first key topic is 'Definition of Data Analytics'. As it turned out to be difficult to provide a clear definition of Data Analytics, the decision has been made to introduce two sub codes: The definition of Data Analytics (D/D) and explanations about Data Analytics (D/E).
Primary theme: Definition Data Analytics
D/D the definition that the interviewee gave of the term Data Analytics D/E the explanation that the interviewee gave of the term Data Analytics
TABLE 2:OVERVIEW CODING SCHEMA ‘DEFINITION OF DATA ANALYTICS’
'Change and Conservation' is the second primary theme, and encompasses topics dealing with things that are changing or that stay the same. The sub topics have been constructed based on the subjects that are recurrent, directly related to the integration of Data Analytics, or both. So the quotes associated with these codes answer questions with regards to what has changed, and what has stayed the same. In the process of coding it is also taken into account whether the change or conservation in question occurred in the past, is ongoing in the present, or is expected to happen in the future, and if relevant, the extent of the change.
Primary theme: Changes and Conservations
C/FA the changes and/or conservations regarding the financial audit approach C/TL the changes and/or conservations regarding the time line of a financial audit C/Ap the changes and/or conservations regarding the application Data Analytics C/Pr the changes and/or conservations regarding the prospective of Data Analytics C/Av the changes and/or conservations regarding the availability of data
C/DE the changes and/or conservations regarding data extraction and preparation C/A the changes and/or conservations regarding the kind of analysis
C/T the changes and/or conservations regarding the tools C/Exp the changes and/or conservations regarding the expectations
C/MS the changes and/or conservations regarding the mind set
C/K the changes and/or conservations regarding the knowledge (understanding) C/E the changes and/or conservations regarding the education
C/S the changes and/or conservations regarding the structure C/M the changes and/or conservations regarding the methodology
C/PS the changes and/or conservations regarding the procedures and standards C/G the changes and/or conservations regarding the guidance
TABLE 3:OVERVIEW CODING SCHEMA ‘CHANGE AND CONVERSATION’
Performing a research on institutionalisation, and having institutional work as the theoretical framework, an obvious key topic, which is also strongly represented throughout the different interviews, is 'Influence of roles'. This theme addresses the different roles played by individuals and groups of individuals.
TABLE 4:OVERVIEW CODING SCHEMA ‘INFLUENCE OF ROLES’
Primary theme: roles and their influence I/Reg Regulator
I/P Partner
I/ADA Assurance Data Analytics department I/ITA IT Audit department
I/FA Financial audit teams I/Coa Coaches
I/RC Region coordinators I/G Global leaders
I/AMT Assurance Management Team I/S Staff of the financial audit I/SS Senior Staff of the financial audit
I/Mrkt Market and in particular the (potential) clients of the firm I/Adv Advisory pillar of the organisation
The fourth key topic handles the 'how' of it all, dealing with how changes and conservation are achieved. What strategies have been applied, which actions have been taken? To link the relevant quotes to these questions, the fifth key topic, 'Strategies', is introduced.
Primary theme: strategy S/Coe Coercive approach
S/O Open-ended approach (enabling) S/TD Top down approach
S/BU Bottom up approach S/SBS Step by step
S/Com Communication S/SC Social Connections S/St Standardization
S/K Knowledge preservation and diffusion
S/Su Provide support, which consists of providing assistance and creating enablers S/BP Best practices
S/CS Coordination and Structure changes S/AS Adjusting the strategy
TABLE 5:OVERVIEW CODING SCHEMA ‘STRATEGIES’
The last key topic is 'Motives driving actions'. Belonging to this are all the given reasons that are at the basis of changes and conservation. In general the associated quotes provide opinionated answers to why actions have been taken.
Primary theme: Motives that drive action(s)
M/MS driven by the mind set of a (group of) individual(s)
M/PM driven by personal motives, such as ambition, enthusiasm, affinity, fear of consequences, or disappointment
M/Exp driven by experiences, which could be negative or positive M/K driven by (the lack of) knowledge
M/Sk driven by skills M/Eff driven by efficiency
M/Q driven by quality M/WL driven by workload
M/PS driven by procedures and/or standards M/M driven by the formalized audit methodology M/I driven by innovation (tools and techniques) M/C driven by (mis)communication
M/CS driven by coordination and structure M/P driven by political interests
4 Descriptive analysis
In this chapter a descriptive analysis of the data collected from the interviews will be performed. The analysis is done based on the key topic introduced in the previous section. Per key topic, the findings of the interviews will be described, and if appropriate, supplemented with relevant quotes from the interviews.
4.1 Definition of Data Analytics
As was mentioned in the background information, Data Analytics is hard to define in context of the accounting field. From the interview it also became apparent that it is indeed hard to define the concept of Data Analytics. Only one of the interviewees was somewhat capable of providing a definition of what they considered Data Analytics. Respondent B4 defined Data Analytics as:
“It is the processing of information to obtain useful insights from it.” (B4, p. 9)
When posed the same question, the other interviewees often responded with a vague answer on how Data Analytics was applied. Often this explanation involved what techniques and tools could be used.
4.2 Change and conservation 4.2.1 The financial audit approach
The interviews made clear that the use of Data Analytics in financial audits has a big influence on the financial audit approach. One of the biggest changes is that in the traditional audit approach samples were used. In most cases this came down to taking 25 samples, and if these proved to be correct, the control could be checked off. Interviewee B4 says:
“If you were to test the process without data analytics and use sampling as a selection, that's too broad. It's much better to take the entire population and focus on the exceptions, that's an entirely different approach.” (B4 p. 9, 10)
The adaptation of the approach where sampling gets replaced by data analyses, provides a completely different view on the whole control process. Respondent B1 captures this in the following quote:
“With data analytics you look in a different way. You take the whole population and you analyse it. Rather than looking at ‘what can go wrong?’, you look at ‘what has gone wrong?’. You really look at the whole year.” (B1, p 10)
The moment data analysis is applied ad hoc, it doesn't really influence the approach, but the case firm made the decision five years ago to structurally integrate Data Analytics in the audit approach, as indicated by interviewee D1:
“I have an image somewhere where the actual year is mentioned, but in the 90s we already have some techniques to do data analysis. But that was, and I think that is a difference, that you could apply these to certain elements in your control. And from 2011 the idea started to live: This is you whole audit, and it's not about focusing on data analytics at one moment, we want you to use it from the get-go and base your audit approach on it.” (D1, p. 1)
The financial audit approach is mostly determined by the established methodology, procedures and standards. From the interviews with the seniors (A1, A2 and A3) the correlation between the tools and the audit approach becomes apparent. When they talk about data analyses they talk more about the tools they use and the programs that they follow.
The audit methodology is based on the regulations that the regulator established in ISAs2.
Because these rules became more strict, more checklists were added to the audit approach and reports had the be made better, resulting in a more defined approach for the auditors. To some this restriction was a reason not to use Data Analytics, as they do not see how to fit it into the audit approach. Interviewee A2 explains why he considers the stricter methodology to be conflicting with the integration of data analysis:
“It has become more filling in a checklist rather than actual auditing, the
controlling, let me put it like that. We don't control, we perform mandatory steps. And to me that is a big difference. For example, with data analytics you are controlling and by looking at 25 invoices you are doing extra.” (A2, p. 7)
From the interviews it also became clear that the new audit approach has not fully materialised yet. As respondent D1 says: "It is more that we want to do it differently, where you will probably see the transition to doing less 'control testing'". Words like "want" and "probably" underline that it is not sure yet. From other interviews the information comes forward that the move from 'control testing' to data driven controls is a conscious step.
There are also things that were conserved in the audit approach
“I do not think it is a black and white world. Data analysis is a combination with traditional techniques. But I find it important that this is the way forward, period. And
2ISA’s (International Standards of Auditing) are set by “the International Auditing and Assurance Standards Board
(IAASB) the independent standard-setting body that serves the public interest by setting high-quality international standards for auditing, quality control, review, other assurance, and related services, and by facilitating the convergence of international and national standards. (IAASB, 2016)”
that is what we have said a few years ago. It no longer is the question whether we will apply data analysis in the audit, no, the question is now when will it be fully integrated?” (D1, p. 7)
Interviewee B1 states that it is still important for the financial audit team to delve into a client in order to interpret the data.
4.2.2 Time line of the financial audit
Integration of data analysis also influence the timeline of the audit. The timeline roughly consists of three parts: planning, interim and year-end. In multiple interviews it was mentioned that data analyses was only applied at the very last moment, if the control could not be performed in the traditional way. Respondent B1 explains that support is better if it is known ahead of time that data is needed, because then data extraction and preparation can be moved forwards.
“[…] then suddenly some ad hoc crap comes in and I have to do it, even though the job is below senior level. Yes, that is a waste. If you know at the start of the year what you are up against, and when it will happen, that is so much better.” (B1, p. 14).
So where Data Analytics was applied ad hoc, and often only at the very last moment, after integration it should be a part of every phase. This also means that certain tasks can be moved forward. Normally the biggest workload of the audit is in the year-end control that happens in the busy-season. Integrating Data Analytics in the financial audit approach could mean that datasets are delivered to the teams at given moments, as to be able to work ahead.
4.2.3 The application of Data Analytics
From the interviews with people that have been working at the organisation for an extended period of time it became clear that data analysis has been applied for year. The extent and how has changed. Journal Entry Testing is one of the most common applications of Data Analytics according to the interviewees. This analysis has been done for a very long time, but in the past was done in many different ways. Interviewee B4 indicates that thinks have not significantly changed, only become more.
Also the focus area in which data analysis is used had changed over the years. In the past Data Analytics specialists from Advisory would also provide support to financial audits. To financial audit it was unclear how Data Analytics could provide added value to their reports. From within the specialised group in Advisory the advice came to no longer focus on this, but still provide support if needed. That is why the traditional audit approach was retained, as well as ad hoc data analyses if the client's organisation could not be relied on.
“In the traditional approach we rely on the organisation. In the traditional approach data analysis is only used when the organisation cannot be relied upon.” (C1, p. 2)
In time more attention was given to Data Analytics with regard to the financial audit. When data analyses were applied to the audit again, this was done unstructured. Both the analyses and the way they were used differed. Any success achieved at the time was mostly due to personal skill, rather than the proper integration of Data Analytics.
“I think personal successes were dependent on people, and what we want is that it depends on processes and procedures that we have.” (B3, p. 7)
As the statement above, said by respondent B3, emphasises it would be desirable if the successes achieved with Data Analytics were contributed to the procedures.
4.2.4 The prospective of Data Analytics
From the interviews it seems that none of the interviewees thinks that a lot of data analysis is being applied in the financial audit. Most of them add to that that the use over the last few years has significantly increased. The respondents that made this happen are proud of this. All interviewees agreed that much more can be achieved. Respondent A2 claims that he still talks to old co-workers in the audit that barely use the data analysis tools.
Interviewee C1 shines a light on the less desired effect that integration of data analytics can have. The moment your new approach comes at the expense of your old approach, you are missing the goal.
“You can have something new, but you have to avoid making it look like you did something wrong before, as consequences are bound to this.” (C1, p. 5)
4.2.5 Data availability
To be able to use Data Analytics during an audit it is necessary to have to right data at your disposal. Nowadays it is no longer encountered as an obstacle to obtain the data from the client. One of the financial auditors states that he has integrated Data Analytics in all his audits, and that he is capable of easily obtaining the data from the client. Also for his clients this is not a problem. Interviewee A2 says: “For the client it's a press of a button, then you have the complete file.” (p. 10). Also A1 and A3 do not mention issues with the availability of the data. The client can provide the data. There also are some interviewees that indicate that more data is available than before.
4.2.6 Data extraction and data preparation
The harder part begins when the data has to be prepared in order to be usable in the tools. Region Coordinators indicate that the financial auditors often are not capable of processing the data in such a way that they could be used for Data Analytics.
Because there is a legion of ERP packages in the Netherlands, data extraction is a bit more complex. If one package has been evaluated, a different one comes up, where that approach does not work. Interviewee B1 claims that by investigating and documenting the steps and the results on the SharePoint, data extraction is simplified.
Even though most interviewees were very positive about the improvements in data extraction, the interviews with the senior staff members revealed that they do not see the usability of the datasets as optimal.
“But in practice you see that you always obtain data which is different from what the theory describes. Something is always wrong, meaning you can use all of it. The data has to be improved quite a lot before you truly can make use of all options. Well, I yet to have
the first set in which I could use all the options.” (A1, p. 1)
4.2.7 Kind of analysis
The tools contain several different types of analyses that can be applied by auditors on prepared datasets. In the past there were not standardised analyses, as B3 says: "When I arrived there were not really standard data analyses, everything was custom, which you might be able to run multiple times." (B3, p.9) As of now there are quite some standard analyses available.
“[…] But at this moment a lot of analyses are at hand, they are in [names of tools] those are the most important analyses to perform a financial audit well.” (B6, p. 14)
The interviewees that are more experienced in data analysis indicate that they would like to go beyond just the basic. Respondent B4 stated that the analyses present now where also there in the past.
“Well, it is being used more. Analyses-wise we are not.... We have not developed new things, new analyses. We did however... So no fundamentally new analyses.” (B4, p. 11)
Interviewee B5 tell about the increase of sector specific data analyses and that Custom Analytics is being investigated. Interviewee C5 on the other hand indicates that he would like to see a use of Predictive Analytics, allowing you to predict the financial position at year-end beforehand.
4.2.8 Tools
To gain insight in what engagements use Data Analytics, what teams want to be supported in this and to gather knowledge a SharePoint has been created in 2015. SharePoint replaces the Excel that
was in place for a similar purpose. From the interview with respondent B1 it became apparent that not everyone from the financial audits knows SharePoint or uses it.
In the past not all technical tools were available to do data extraction, is interviewee D1 states. She indicates: “We had the technical means to do it, and with it we saw that it could lead to the improvement of quality […] but before we didn't have an alternative, we couldn't get all the data, we couldn't process it.”(D1, p. 2, 3) The standard data analyses have been integrated in the different tools for the financial audit.
Interviewee B2 says that a tool exists that the organisation has been using for analyses for a long time.
“[Name tool] is just a standard dataset, which we already use for 10 years, maybe even 15 years, to conduct Journal Entry Testing.” (B2, p. 2)
After this first analysis program, several so-called legacy tools have been developed. The development of an Excel add-on on top of an existing tool turned out to be an important development for the use of data analysis in the financial audit.
“So at some point with [name tool], which is actually an Excel add-on that uses the data
from [name other tool], that has been validated and is complete, but you are working from Excel. And apparently that is what they consider to be nice, they recognise it. And maybe it is a little more flexible, or they made more analyses or they have more freedom.” (B3, p. 10)
But the interviews also revealed that even after further developing these tools only limited use of the functionality was made during the financial audits.
“There was used, as we know it today [names of tools]. But when I see how it was used in the audit, it they do not go the extra mile.” (B2, p. 2)
The tools are developed at global level and then deployed worldwide. Around 2011 and 2012 a large scale project was started where multiple tools were further developed, and also a new tool was made. Two of the interviewees have contributed to the back end of the latter for an extended period of time. The project is still ongoing, but they have stopped working on it and are now part of the Assurance Data Analytics department. They say that the project is meant to facilitate the standardisation of different ERP systems. That we the client's data can be easy loaded after preparation. Other than that the tool was capable of handling more data. Further integration of the tools makes the use of Data Analytics as audit evidence easier.
“Now you go to [name electronic dossier] and if you want to do analyses you go to
[name tool], but then you are in [name electronic dossier] and you do everything from a single one-stop-shop. The evidence is a lot easier as well in that case.” (B3, p. 12)
4.2.9 Expectations
Interviewee B4 indicates that the expectation management is important when support is provided to an audit team to use data analysis. In the past, as well as now it happened that expectations were too high. According to respondent B3, the audit teams were promised mountains of gold, but after a few weeks the IT experts returned empty handed, while have taken up a large section of the budget. The financial audit teams did not know what to expect when the focus would move to the use of Data Analytics.
“In the beginning it looked fun to everyone, but it was too abstract, too vague. Nobody knew which activities could be replaced by data analytics to decrease their workload. Which was the thing they always said, that it would lead to more efficient audits. […] but nobody had the insight in the beginning.” (A1, p. 4)
Several interviewees indicate that younger generation auditors also expect more to be done with data analysis than before.
“Our people are expecting it. If you take young people, how they handle it ‘Why am I not going to look at the data?’” (C1, p. 4)
When developing one of the data analytic tools, the expectations of the result changed multiple times during the process.
“It was also a bit iterative because nobody knew where we would end up, how much we could contribute, or how little. So that was not clearly defined.” (B3, p. 5)
The development process was a winding road to a somewhat unknown goal where sometimes intermediate results had to be presented that were not always on the right track. In those steps things were shown in a better way than they were, according to interviewee B3. By making the intermediate steps look better, the tool was 'overpromised' to the board.
“I personally believe that they have always pretended it was better than it actually was.”(B3, p. 20)
During the pilot the developers assumed they were doing a good job, but they received late feedback as the audit teams didn't really look at it before. Which was not what the developers expected.
“You hope that was is in place is pretty good so you can continue developing, and then you suddenly get questions about things that have been there all along, that is disappointing.” (B3, p. 19)
4.2.10 Mind set
“So you use it in a very basic fashion, without actually calling it data analytics. And that is the mind set that we had to achieve together first. First it was Data Analytics: Ok, we are going to make trend-analyses and do other analyses. But you actually have to go back to the basics.” (A1, p. 2)
The mind shift resulted in the use of Data Analytics where possible, not only in specific cases. This is explicitly mentioned in a statement during one of the interviews:
“It is part of a mind shift. Before you do say, we adapt our audit and if it really cannot be done, we use Data Analytics. Now there has been a shift and we say, we are going to use Data Analytics in whichever phase possible. If it is not possible, we do something else. So the idea is to not only do it on very specific transactions.” (B3, p. 14)
The financial audit teams start realising the added value of data analysis. Both the coordinating and the executive functions encountered this change in mind set. Interviewee B1 mentions that the teams realise that their reports are much better if they use Data Analytics. The seniors (A1, A2 and A3) indicate that in the beginning not everyone knew what to expect. Respondent B5 realised while he guided teams with integrating Data Analytics in the audit approach that the teams have accepted that they cannot avoid data analyses.
“After one or two years they look the way the wind blows. Nowadays you cannot avoid data analysis.” (B5, p. 11)
The mind set has changed, but it has yet to stabilise. The current change in mind set is defined by this statement:
“The discussion has changed over the past 2 years. If you gave a presentation somewhere 2, 3 years ago, inside EY, that the financial auditor should do something with data, that is no longer an issue. So everyone sees that they should be doing something with the data, but what the discussion now is: "What should we do?! How should be do it?! What has changed in my audit approach?" To some questions we don't know the answer exactly, but let's go that direction together and see how things evolve.” (C1, p. 3)
Respondent C1 mentioned during the interview that one actually needs an attitude in which they vow for their new approach, and not let someone else convince you otherwise if they have no say in it. This indicates that the organisation has not reached the desired mind set yet.
4.2.11 Knowledge
To be able to perform data extraction one needs knowledge of ERP systems, which is gained by doing it for different systems. This is emphasised by interviewee B1:
“That has taken a lot of effort over the years, but all the knowledge we have gained, we
have collected every single time, stored it in SharePoint. I think it could have been more, but at least there is a decent library now.” (B1, p. 2)