Faculty of Economics and Business
The impact of data analytics on audit
procedures
Student: Sisi You
Student number: 10853375
Supervisor: Georgios Georgakopoulos
Date: 22-06-2015
2
Statement of Originality
This document is written by student Yunxi You who declares to take full responsibility for the contents of this document.
I declare that the text and the work presented in this document is original and that no sources other than those mentioned in the text and its references have been used in creating it. The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.
3
Abstract
The volume of data generated grows every day. This data has little or no meaning by itself. It needs to be processed and transformed into information or knowledge to become valuable. Modern computers and technology enable us to perform extensive analysis on massive
amounts of data in a fast and efficient way. This method of analysis is called data analytics. It has recently found its way into the field of accounting, where it is used to automate audit activities. A recent report from a Big Four accountancy firm showed that this automation through the use of data analytics has a big impact on the amount of jobs available in the accounting field. This triggered the subject of this research: what is the impact of data
analytics on the audit procedures for financial auditors? To answer this question, research was conducted consisting of two parts: a literature study and a case study. Whilst studying the existing literature, it became apparent that the subject of data analytics within audit is an under-researched area in the academic world. The industry is ahead of the academics on this subject. Giving the growing use of and interest in data analytics for audit purposes, a call is made for more research in this area.
The second part of this research, the case study, was performed at a Big Four accountancy firm in The Netherlands that has experience with, and frequently uses data analytics in audit assignments. Both financial auditors and data analytics experts where interviewed. The main findings are that data analytics is applied more and more in audit assignments. It can automate standard parts of audits, like journal entry testing, resulting in less auditors needed on an assignment. Furthermore, using automated analytics it is possible to test complete populations instead of performing sample testing, thereby reducing the sampling risk and providing more assurance. Despite the automation, auditors will always be required to draw up the conclusion from the data analyses, as computers are not capable to do this. So in the future a shift is expected for the work of financial auditors from manually performing testing activities, to interpreting the results of automated analyses and drawing up conclusions.
4
Content
STATEMENT OF ORIGINALITY... 2
ABSTRACT ... 3
LIST OF TABLES AND FIGURES ... 6
1. INTRODUCTION ... 7
1.1BACKGROUND ... 7
1.2RESEARCH QUESTION ... 9
1.3RELEVANCE OF THIS STUDY...11
1.4THESIS OUTLINE ...11
2. DATA AND DATA ANALYTICS ... 13
2.1DATA ...13
2.1.1 The characteristics of data ... 14
2.1.2 Types of data ... 16
2.2DATA ANALYTICS ...17
2.3CONCLUSION ...19
3. AUDIT PROCEDURES ... 20
3.1FINANCIAL AUDITORS ...20
3.2AUDIT ENGAGEM ENT PROCESS...21
3.2.1 Planning ... 22
3.2.2 Risk assessment ... 23
3.2.3 Audit strategy and plan ... 24
3.2.4 Gathering evidence ... 25
3.2.5 Finalisation ... 28
3.3CONCLUSION ...29
4. APPLYING DATA ANALYTICS IN AUDIT PROCEDURE... 31
4.1DESCRIPTION OF DATA ANALYTICS ACCORDING TO BIG FOUR AUDIT FIRM S...31
4.2THE USE OF DATA ANALYTICS WITHIN AUDIT ...32
4.3CONCLUSION ...35 5. METHODOLOGY ... 37 5.1RESEARCH M ETHOD ...37 5.2DATA COLLECTION ...38 5.3CASE DESIGN ...39 5.4CASE ANALYSIS ...41
5
6. FINDINGS... 43
6.1APPLYING DATA ANALYTICS...43
6.1.1 Data analytics and Data... 43
6.1.2 Experiences ... 44
6.2ADVANTAGES AND DISADVANTAGES ...48
6.2.1 Advantages ... 48 6.2.2 Disadvantages ... 50 6.2.3 Assurance... 54 6.3CLIENT PERSPECTIVE ...56 6.4FUTURE PERSPECTIVE ...58 6.4CONCLUSION ...62
7. CONCLUSION AND DISCUSSION ... 65
7.1SUB QUESTIONS ...65
7.2MAIN RESEARCH QUESTION ...69
7.3LIM ITATIONS AND RECOMM ENDATIONS...70
REFERENCES ... 71
6
List of tables and figures
Table 1: Common characteristics of data analytics………....16
Table 2: Common characteristics of data analytics definitions………..30
Table 3: Interview panel………39
Table 4: Coding scheme...……….40
Figure 1: DIKW pyramid………..………….…11
Figure 2: Data process...………13
Figure 3: Five phases of an audit………....20
Figure 4: Elements of understanding the client...…...22
Figure 5: Types of audit opinions………..………26
7
1. Introduction
1.1 Background
Nowadays, by the massive growth of data, companies have to deal with different forms and size of data, this includes structured and unstructured forms (Zikopoulos et al., 2011). At this moment, all the businesses already encompass structured data; they are very good with analysis of these data. But the unstructured form of data, which is relative new and is increasing rapidly the last decade due to the rise of internet (think about e-mail, Twitter, Facebook etc.), we still have a lot of difficulties with respect to capture, store, manage and analysis of these big data (Sagiroglu & Sinanc, 2013).
To deal with this problem, there is a new technique available, called analytics. Using this technique, companies can quickly and easily detect emerging trends, hidden patterns, correlations and other meaningful information and insights. This will improve the business decision making process (Boyd & Crawford, 2011).
While some of the large enterprises already use big data analytics in their business to gain a higher company value by means of analysing both structured and unstructured data, the audit firms just start to implement data analytics in their audit processes (Fisher, 2015). From the very beginning, accounting and audit firms have often a delay on the adoption of
technological innovations into their processes. Besides, the professionals have problems to stay ahead of the data curve. Both leads to the fact that they need to accelerate the adoption process to be aligned with all the data of the business environment; otherwise there will be a significant divergence between the client and auditors (Vasarhelyi, 2012; Fisher, 2015). Katz (2014) also recognizes the lagging data analysis skills in audit and illustrate this problem for accounting as follows: “Valuable as such data may be, they’re outside the grasp of most accountants and finance executives. Thus, while traditional corporate accounting and auditing ‘are essential for economic production activities and will continue to be performed,’ the authors write, ‘current accounting and auditing methods are in danger of becoming
anachronistic’ in the face of an economy increasingly being driven by Big Data” (para. 9). Big Four audit firms also realize the fact that they are behind with respect to audit technology. Deloitte mentioned in a response to the discussion paper of Fédération des Experts
Comptables (FEE) that innovation of technology for audit is an essential event, which auditors should pay attention to, to look at the extra value created by technology, which will
8 result in better audits. All this leads to millions euros of investment in new audit technology (Fisher, 2015; consultancy.uk, 2014).
Data analytics for audit will bring a lot of advantages. In the article of Fisher (2015), she mentioned that a better audit quality is provided by applying analytics as this creates extra insights that are of value to the client, thus the power of data analytics adds significant value to audit services. By leveraging data analytics technology in audits, it is possible to for
example compare all sales invoices issued in one year with all cash receipts obtained from the bank; or to perform a three-way match over all sales and payment transactions of an
organization. This supplies powerful supportive evidence that contributes to enhanced audit quality (Liddy, 2015).
On the other hand, data analytics will also bring some disadvantages. At this moment, data analytics is at the growth phase within the audit firms, due to the huge investment in technology, the cost for audit will also increase, and at this moment it is still uncertain whether the benefits will exceed the costs. Besides, it requires a higher level knowledge of auditors, which leads to the demand of new trainings. Last but not least, auditors should think about how data analytics will fit in the current auditing standards (Liddy, The future of audit, 2014).
Data analytics could have a significant impact on the amount of jobs available for auditors and accountants. This is illustrated by a report from Schattorie (2014) which is based on a study from Oxford University on the computerisation of jobs. Schattorie translated this to the Dutch market and predicted that over 100.000 accounting jobs might get lost in the coming 10 to 20 years due to computerisation, which at this moment is driven by data analytics.
Due to the increasing use of data analytics in audit procedures, the main purpose of this study is to examine how data analytics is applied in financial audit in practice, thus what impact data analytics has on audit procedures. To substantiate this, the study will also gather the experience of auditors who used data analytics and describe what the impact is for these professionals.
The study is conducted at a Big Four audit firm that applies data analytics in financial audit. The reason for choosing a Big Four audit firm is that they have the capital and resources required to invest in and be on the frontier of the implementation of data analytics (Liddy,
9 2015). By conducting interviews with auditors and data analytics professionals, an overview is created on the current use of analytics in audit. These showed that data analytics is for example used for journal entry testing, to audit purchase to order and cash to pay cycles and for the examination of revenue. These examples and other use cases will be discussed in more detail in chapter 6.
1.2 Research question
This research will focus on the use of data analytics in the field of financial audit. In the existing academic literature, no relevant studies have been identified that thoroughly examine and discuss the impact of data analytics on audit. The study about data analytics in audit procedures is still limited, as is also recognised by Jin et al. (2015), who state that it is not a secret that the industry is ahead of academia in research and application of (big) data. This study aims to be a starting point on this subject, but as more research is needed, a call for research on this subject is made.
In the professional literature, there are some relevant publications found, for example by Liddy (2015), De Kroon & Karp (2013) and Murphy & Tysiac (2014). A good example of research on the application of data analytics in audit from the professional world, is the research conducted by the Association of Chartered Certified Accountants (ACCA) and Institute of management Accountants (IMA). This study examines how data analytics will affect businesses over the next 5 to 10 years, and what opportunities and challenges it will create for the accountancy profession (ACCA & IMA, 2013).
This study aims to contribute to the academic literature, by analysing existing literature and conducting interviews with experienced audit professionals. This leads to the following main research question:
What is the impact of data analytics on the audit procedures for financial auditors?
To answer the main research question, four sub questions are formulated:
10 In order to understand how data analytics is applied in audit practices, first, it is important to understand why data is relevant for auditors and what data exactly is. In this section, a clear definition will be given for these terms based on a literature review of prior literature. This sub question will be discussed in chapter two.
2. What are the audit procedures of a financial auditor?
In this section, a clear description about audit procedures will be given based on the academic and professional literature. It is important to know all the processes of audit procedures, to find out in which process data analytics can be applied. The answer for this sub question can be found in chapter three.
3. How can data analytics be applied in the context of an audit procedure?
The goal of this sub question is to combine the first and second sub question together, and find a link about how data analytics can be applied within audit procedures. The answer to this question will be based on the answers of the first and second sub questions and academic and professional literature. This sub question is described in chapter four.
4. How is data analytics applied in financial audit practices at accounting firms and how is it experienced by financial auditors?
The last sub question is answered by conducting interviews with different professionals of a Big Four audit company. The interviews will provide a view about how accounting firms deal with data analytics, how the financial auditors experience this and what their opinions are on data analytics. The answer of this sub question is discussed in chapter five.
Together, with the answer of these four sub questions, the main question will be answered in chapter seven.
11
1.3 Relevance of this study Theoretical relevance
The main motivation for this study is to make a start with researching the impact of data analytics in the field of accounting. As mentioned above, this area is still under researched. Data is like the new oil, which is crude, and to get the value, it needs to be refined and changed. Data analytics is a tool to refine the huge, complex and varied data into valuable information (Rotella, 2012). Prior literature only mentions the advantages of data analytics for companies in general. For example, a recent study of Pearson and Wegener (2013) found that companies with most advanced analytics capabilities have a better performance than the competitors by wide margins; companies that use (big) data analytics are five times faster to make decisions than market peers.
This study contributes to the literature by means of the extensive description about how data analytics can be applied in the context of audit procedures. Furthermore, it will give an
overview of the opinion of financial auditors with regard to the use of data analytics in audit.
Practical relevance
This study will also provide an overview for auditing firms about the impact of data analytics on financial auditing department. Therefore, audit firms which consider the implementation of, or are in the current process of implementing data analytics can use this research to find out what the experiences are of their peers. Furthermore, this research will also provide a picture for the studied company about the view of their own employees regarding this
technological innovation within audit. Based on the experiences of these auditors, audit firms can improve some negative issues of applying data analytics, which will lead to a higher value for auditors to use this new technique.
1.4 Thesis outline
This study consist of seven chapters. The first chapter is the introduction of this thesis, describing the background, research question and relevance of this study. In the second chapter, definitions and background on data and data analytics are given and discussed based on existing literature. The third chapter describes the current audit procedures. Chapter four will combine chapter two and three together and explain about how data analytics can be applied within audit procedures. Chapter five outlines the methodology of this research,
12 which consist of conducting interviews. The findings of these interviews will be described in chapter six. The final chapter concludes this study.
13
2. Data and data analytics
The objective of this chapter is to answer the first sub question: what is data and data analytics? In the first paragraph, the definition of the term ‘data’ and the importance hereof will be discussed. Further, data will be described by means of the three Vs, namely volume, variety and velocity. Subsequently, the type of data will be discussed. The second paragraph is about data analytics. This paragraph will look at the general use of data analytics in the business by means of discussing several definitions of data analytics from both business dictionaries and academic literature. The goal of this paragraph is to create a general view of what data analytics is. The last paragraph is a conclusion of this chapter. This chapter is written based on the literature review of several electronic resources and academic literature.
2.1 Data
According to Oxford dictionary (2014), data is defined as: “facts and statistics collected together for reference or analysis”. A more extensive description of Oxford dictionary (2014) is “the quantities, characters, or symbols on which operations are performed by a computer, which may be stored and transmitted in the form of electrical signal and recorded on magnetic, optical, or mechanical recording media”.
In short, data can be in the form of characters, digits or symbols which are gathered. Hereby, it is important to realise that data is not the same as information. The difference between these two will be discussed below.
With the definitions of data, an important question that must be asked: why is data important? And to be more specific: why is data relevant for auditors? According to Ackoff (1989), an American organizational theorist and a pioneer in the field of management science, the human mind can be divided into four categories, which is presented in a pyramid (see figure 1).
14 On the bottom of the pyramid, is data. As discussed it above, data can be presented in any form, it is just something that exist. These data has not any interpretation and also there is zero value assigned to this data. Information is located at the second place of the pyramid. This is the data which is processed and interpreted which can be useful. Here the information may create value for its users, which is the main difference between data and information. The next element in the pyramid is knowledge. This is a combination of information,
experience and insight. Information will become knowledge when the user can remember this information. This part will also create value, because the user is now able to do something with the information, for example answer a question. On the top of the pyramid is wisdom. This is the evaluation of the understanding process. The evaluation process consists of human judgement, which also adds significant value. The transformation of data to wisdom includes the understanding process. The more in depth understanding of the data, the more value you will create (Ackoff, 1989).
In short, data itself is not valuable and important, it has to be interpreted and converted and passed through the understanding processes to become wisdom. Wisdom is important because it can generate a significant value. For example, companies can use wisdom to create more insight and make better decisions or to verify and disprove existing models or theories (Rouse, 2008).
2.1.1 The characteristics of data
To distinguish data, this term can be described with three characteristics, which are also called the three Vs: volume, variety and velocity. These are the classical dimensions to define data (Zikopoulos et al., 2011). However, nowadays, some literature will also mention other Vs to expand the description of data, for example value, veracity, and variability (Vorhies, 2013). This study will only use the three classical dimensions to describe data; thus the new Vs are disregarded. This is because researchers in the existing literatures are not consistent in using these new characteristics and there is no consensus about these terms. A short description of each of the three Vs will be given below.
Volume
The volume of data refers to the size of data. At this moment, the volume of data is
15 process and analyse the massive amount of data that they have. But by the use of the right technology platform, data can be managed and analysed to gain insights for the business. But still, currently, the data management processes of most companies cannot keep up with the rate of data growth, which leads to a blind zone for these companies (Zikopoulos et al., 2011). The amount of data companies have keeps growing, but at the same time they can only
process and analyse a declining percentage of this data. The blind zone covers all unprocessed data, and with this unprocessed data, potential value to the company might be lost (see figure 2). The data might as well have no meaning at all, but that is unknown as well. And here lies the problem according to Zikopoulos et al. (2011), the company simply does not know.
Variety
The variety of data is about the type of data which can be structured, semi-structured and unstructured. These types of data will be explained below in more detail.
With traditional tools, companies can only analyse and manage the structured data. But since the last years, researchers found out that there is also value in unstructured data; due to the growth of the amount of both semi-structured and unstructured data, companies need to use all types to gain wisdom and to create more value for their business (Zikopoulos et al., 2011).
Velocity
Velocity is about the speed to create data and the speed to generate value out of these. A fun fact is that the 80% of the existing data in the world is created in the past two years (Fisher, 2015). And because data are quickly produced nowadays, they also have the characteristic of a short shelf life. To generate useful information and create more value, companies must be
Figure 2: Data process (Zikopoulos et al., 2011).
16 able to manage all data in near real time; otherwise it will be less or not valuable anymore (McAfee & Brynjolfsson, 2012).
2.1.2 Types of data
As mentioned above in the section on variety, data can be divided into three types: structured, unstructured and semi-structured. Structured data are transactional data; the information is organized in pre-defined entities. By using relations and classes, similar entities will form a group; within this group, the entities have the same attributes. For example, an employee table in the database of HR department, in which the persons are the entities and their last name, first name, date of birth are the attributes. These types of data come typically from databases, enterprise systems, and XML data etc.
Unstructured data are interactive data, which is continuously adding variety (emails, videos) and increasing in velocity. It is not fully organized in a pre-defined manner as with structured data. Examples of this type of data are video files, e-mails, and social media like Twitter etc. (Cardoso, 2007).
Semi- structured data finds itself in between the structured and unstructured form. It has some structure, but it also contains some unstructured components. This type of data is organized into semantic entities, and these similar entities together form a group, but the entities within this group may not have the same attributes (Cardoso, 2007). An example of semi-structured data is a curriculum vitae (CV). When creating a CV, data is used to form it. But although CV’s can be grouped together, there might be a difference in the attributes between the CV of person A and the CV of person B. For instance, person A put in a list of previous employment where person B has a section on research experience.
By the rise of computers and internet, the volume of data is growing day by day. Furthermore, the variety and velocity of these data are also changing constantly. This brings both
advantages and disadvantages for companies. The advantage is that companies have more information than ever available to use; the disadvantage is that data are raw and partly unstructured, which results in companies not knowing how to manage it (Mohanty et al., 2013). And by the use of the traditional tools, it is not possible to manage and analyse these new data type. In the next section, data analytics, a tool for data analysis, will be discussed.
17
2.2 Data analytics
The value of data is created by transforming it into wisdom. To do this, companies must analyse their data in a short time. As mentioned before, traditional tools for data analysis are only suitable for structured data. At this moment there is more and more demand for a tool which is also capable to analyse semi-structured and unstructured data. To solve this problem, data analytics is developed to manage and analyse all types of data.
This paragraph will provide a view on what data analytics is. There will be several definitions given from business dictionaries to academic literature, and all these definitions will be compared with each other. The information about the technical aspect of data analytics will not be discussed, for example suitable systems for data analytics and capture systems for data. The reason why this part is not included is because this research does not focus on the
technical aspects of data analytics. That is another study by itself. The goal of this research is to examine which audit procedures can be supported by data analytics and what the
experiences are from auditors.
Below, definitions of data analytics will be quoted from two kind of sources, business dictionaries and academic literature. These are with regard to the general definition of data analytics. To create a common understanding of the definition of data analytics, definitions from various sources are analysed. According to Bracken & Oughton (2006), establishing a common understanding of definitions is required to perform effective research as it prevents misunderstanding. This analysis leads to a definition of data analytics that will be used throughout this study.
Chapter 4 will zoom in and focus more on the application of data analytics within the context of financial audit.
Definitions of business dictionary
According to Techopedia (2015): “Data analytics refers to qualitative and quantitative techniques and processes used to enhance productivity and business gain. Data is extracted and categorized to identify and analyze behavioral data and patterns, and techniques vary according to organizational requirements”.
BusinessDictionary defines analytics as follows: “Analytics often involves studying past historical data to research potential trends, to analyse the effects of certain decisions or events, or to evaluate the performance of a given tool or scenario. The goal of analytics is to improve
18 the business by gaining knowledge which can be used to make improvements or changes” (BusinessDictionary, 2015).
On the website of Search data management, data analytics (DA) is described as: “the science of examining raw data with the purpose of drawing conclusions about that information”. (Rouse, 2008, para. 1). In this definition, a new element is added to the definition, namely drawing conclusion; this was not mentioned it before.
Definition of academic literature
According to Kricheff (2014), data analytics: “consists of gathering the proper data and then manipulating and examining it so that you can reach logical conclusions about the data you are looking at” (p. 4). This definition is almost the same as the one of Rouse.
In the book of Thomas A. Runkler, he defines data analytics as: “the application of computer systems to the analysis of large data sets for the support of decisions” (Runkler, 2012, p. 2).
Johnstone et al. (2015) described data analytics as: “the process of examining large amount of data to uncover underlying patterns, correlations, and complex relationships through statistical method for data modelling, and techniques that enable visualization of data” (p. 376).
Table 1 below shows the common characteristics of data analytics of all definitions from both dictionaries and academic literature.
Characteristics References
Analyse data All the definitions
Big volume of data Runkler, Johnstone et al.
Improve the business Techopedia, BusinessDictionary,
To make a conclusion Search data management, Kricheff
Support decision making BusinessDictionary, Runkler
Detect trend/pattern/ relationship Techopedia, Business dictionary, Johnstone
et al.
Table 1: Common characteristics of data analytics.
Based on these common characteristics, the definition of data analytics is summarized as follows: data analytics is the process of analysing big volumes of data to draw a conclusion on
19 the trends, patterns and relationships of these data and support the business in decision
making. Furthermore, it will also improve the business by supporting the decision making process.
2.3 Conclusion
In this chapter is explained what data and data analytics are. Data can have different forms, for example characters, statistics and videos. Data itself has zero value, it should be
transformed into information, knowledge and eventually wisdom to get value out of it. This is also the reason why data is important. It is a source that will deliver extra value to the
business when it is properly used and analysed.
Nowadays, the amount of data is increasing rapidly. The volume, variety, and velocity of data are changing quickly. The biggest part of the existing data is created in the last few years; because the rise of massive use of computer and internet, the type of data is also changing from structured data to more unstructured data. These data have a high velocity, and it forcing companies to manage and analyse these data in a fast pace to generate value before it is too late.
Traditional data analysis tools are not capable of doing this, while data analytics offers the perfect solution. It is a relative new process to analyse all kinds of data and will help improve the business by detecting trends, patterns and relationships of data to draw a conclusion that supports the decision making process.
20
3. Audit procedures
This chapter will answer the second sub question: what are the audit procedures of a financial auditor? The goal of this chapter is to gain understanding of the processes of audit procedures. This will help to create an overview of procedures where data analytics can be applied during audit, and why analytics will improve the procedures.
In the first paragraph, the activities of financial auditors will be explained by means of looking at and comparing different definitions of auditors. In the second paragraph, audit engagement process will be discussed; this process exist of five steps: planning, risk assessment, audit strategy and plan, gathering evidence and finalisation. Each step will be explained extensively. The conclusion of this chapter can be found in the last paragraph. This chapter is written based on the literature review of several electronic resources and academic literature.
3.1 Financial auditors
According to Oxford dictionaries (2015), audit is “an official inspection of an organization’s accounts, typically by an independent body”. BusinessDictionary defines audit with regard to the accounting perspective as follows: “systematic examination and verification of a firm's books of account, transaction records, other relevant documents, and physical inspection of inventory by qualified accountants (called auditors)” (BusinessDictionary, 2015). Both definitions mentioned the inspection role of auditors, and only BusinessDictionary mentioned the verification role.
To look at a more professional description of the objectives of audit, International Standards on Auditing (ISA) 200 states auditing as:
1. “To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.” 2. “To report on the financial statements, and communicate as required by the ISAs in
accordance with the auditor's findings” (ACCA, 2014, para. 7).
Kumar & Sharma (2005) further define auditing with the following characteristics: 1. Auditing is independent and critical examination of the accounts.
21 2. Examination should provide a true and fair view of the business for the accounting
period.
3. Detect frauds and errors in the accounts.
4. Job is performed by an independent, which is qualified for the job.
5. Auditors need to examine all the evidence related on the business to provide a correct and reliable report.
In the mentioned characteristics of Kumar & Sharma (2005), the term independent is named multiple times. Only independent auditors will deliver value to audit.
In short, auditors are evaluating financial statements (balance sheets, profit and loss
statements, cash flow statements and statements of retained earnings) in all material respects, in accordance with an applicable financial reporting framework to provide reasonable
assurance that the financial statements of the client are clean from misstatement. This will be reported by a formal opinion, also called the auditor’s opinion or auditor’s report. This report provides evidence to interested parties such as stakeholders, shareholders, creditors etc. with regard to the reliabilities and validities upon the information of financial statements
(Millichamp, 2002).
Within this process, there is audit risk present. This is the risk that the auditor may issue by providing an inappropriate auditor’s opinion due to a material misstatement in financial statement (Millichamp, 2002). Material refers to the materiality concept, which is defined in IAS 320 as: “misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements” (INTOSAI, 2015, p. 460). Note that materiality differs for every firm, thus it is the job of auditors to consider the character of each company to decide what material is for them.
3.2 Audit engagement process
To inspect and verify the financial statement of a company, auditors need to walk through the audit engagement process to make sure that they do not make any mistake. Audit processes may differ from firm to firm, but generally the process are more or less the same. In a report of PricewaterhouseCoopers (PwC) they divided audit process into five phases, namely planning, risk assessment, audit strategy and planning, gathering evidence, and finalisation (see figure 3) (PWC, 2013). In the next part, all phases will be discussed in detail.
22 3.2.1 Planning
Planning is the initial phase of the audit process. The first step is to decide whether or not a new client should be accepted by the audit firm (client acceptance). Besides new clients, audit firms have also existing clients who ask for continuous engagements (client continuance). Hereby, a number of issues play an important role. First of all, auditors should assess the engagement risks that a client will entail. This risk can be influenced by reputation and ethical issues of the client which might affect the audit firm negatively. For example, a client with bad reputation will bring more risk to an audit firm than a client with good reputation.
Auditors can evaluate the engagement risk by conducting a background check of the client or communicating with the previous auditor to obtain client’s information. In practice, every audit firm has their own policies and procedures for client acceptance (PWC, 2013).
The next step is to verify the compliance of independence requirements. This is important to make sure that no employees of the audit firm have any interest in the client. Only then the controlled financial statements will be non-biased and useful for the stakeholders. Auditor independence is characterized by two elements: objectivity and integrity. Section 290 of IESBA Handbook defines some criteria for independence. If one of the following criteria is met, the audit quality cannot be guaranteed. These criteria are:
- Having a financial interest in the client
- Having a family relationship with employees, management or owners of the client - Performing work that is the responsibility of management
- Audit work that was originally completed by the auditor or the firm
- Providing services that are incompatible to the objectives of the external audit (IFAC, 2014).
After these two steps, a team should be formed to perform the audit. Thereafter, a meeting should be arranged; the preparation work should be divided within the team, and a plan should be made about all the engagement matters, for example the deadline, requirements of
23 the client, extent of procedures etc. When all the previous steps are done, an engagement letter need to be prepared. Herein the legal relationship between audit firm and the client is defined.
3.2.2 Risk assessment
In the second phase of the audit engagement process, risk assessment plays a significant role. BusinessDictionary (2015) defines risk as follows: “A probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal
vulnerabilities, and that may be avoided through pre-emptive action”.
Auditors are at risk for the fact that financial statements of the client are misstated after the completion of the audit process, where an unqualified opinion on the statement is given. This is also called the audit risk. Thus in this step, the auditors need to assess the audit risk and develop a response for it. This is an important process, because auditors do not examine all the transactions of the client, which can lead to a materiality misstatement. The reason why not all the transactions are tested is because there are too many of them within a company. It is impossible to check all the transactions to occurrence, completeness, accuracy, cut off and classification; if it is possible, this will cost a lot of time for the auditors and will increase the audit cost for the client, who is not willing to pay it (Crous et al., 2012).
This audit risk exists of three elements: inherent risk, control risk and detection risk. Together the next model is formed (Puncel, 2008):
Audit Risk = Inherent Risk x Control Risk x Detection Risk
Inherent risk is the probability of an assertion to a misstatement due to error or fraud before the consideration of any related internal control. Control risk is the probability that a misstatement cannot be prevented or detected on a timely basis by the company’s internal control. After identifying the inherent risk, some controls are designed to detect and prevent this risk. Auditors will verify these controls and assess the reliability of these controls. However, the control risk will always exist, regardless how well these controls are designed. Detection risk is the probability that the auditor will not detect a material misstatement that exists in the financial statement (Puncel, 2008).
24 It is the task of auditors to gather evidences until the audit risk is reduced to an acceptable level. Because a high audit risk can lead to litigation risk and reputation loss for the audit firm, regulatory penalties, and increasing chance that auditors will be fired by the client. Besides gathering evidence, auditors also need to identify red flags: these are the potential problems that may arise during auditing, which require extra attention. To detect these red flags, auditors need to obtain an extensive understanding of the client’s business, environment and industry etc. Figure 4 provides an overview of the areas that auditors should be well informed on.
3.2.3 Audit strategy and plan
The third phase in the audit engagement process is to set out a strategy and a plan to address the audit risk of the previous phase. This will be documented in a written plan (IAS 300). The goal for setting out an audit strategy is to determine the required resources during the audit engagement. With this, auditors should take a few elements in to account, for instance the scope of the engagement.
Besides this, audit objectives based on the obtained information of the client related to audit risks should be determined. Audit objectives can be divided into two categories, namely transaction-related and balance related. An identification by auditors at every audit area of the client is required before they can draw the conclusion that the financial statements are fairly stated (Crous et al., 2012).
When the strategy is determined, an audit plan should be created. This plan is more elaborate than the strategy, and is relevant to provide an effective and efficient audit. This audit plan is also called tailored audit program. All the relevant details related to the client are listed herein.
Both audit strategy and plan should be re-determined when receiving new information of the business and its environment (PWC, 2013).
Understand client's business and industry Industry and external environment Business operations and processes Management and governance Objectives and strategies Measurement and performance
25 3.2.4 Gathering evidence
In the fourth phase, the sufficient evidence will be gathered by several tests on client’s internal controls, disclosures of the financial statement and documents of third parties etc. This will be evaluated with a professional scepticism of auditors, which refers to the auditor’s attitude, including a questioning mind and being alert to conditions that could lead to a possible misstatement, and a critical view of the evidence (Glover & Prawitt, 2013).
As mentioned in the second phase of the audit engagement process, auditors performed a risk assessment to determine the audit risk. But this alone is insufficient to support the audit opinion. Thus besides risk assessment in the second phase, auditors also need to perform an additional procedure to collect audit evidence. This can be performed by a test of controls and if it is necessary, a substantive procedure (PWC, 2013).
3.2.4.1 Test of controls
Nowadays, automation finds place in every business, requiring more controls within the company for an optimal operation. In the preceding phase, auditors determined the reliance of these internal controls by the client, which should reduce the audit risk. During the audit period, auditors can perform a tests of controls to assess whether these key controls are well designed and operating effectively to prevent or detect material misstatements in the financial statement (PWC, 2013).
Test of controls has generally three types: reperformance, observation and inspection. Reperformance is that auditors can start a new transaction, to see how the control environment works at the client, and whether these controls are good and sufficient. By observation, auditors will observe the business operation of the client and especially the control elements. Inspection means that auditors will verify client’s documents, which are approved with a stamp, signature etc. to check whether or not the controls are well performed (Bragg, 2014).
When testing controls, auditors will use a sample of the client’s documents instead of all the documents. Based on the result, auditors can determine the reliance of the client’s controls; if the test gives a negative result on these controls, than auditors will expand the sample size and prepare an additional substantive test. Note that this extra control will only contribute to the advantage of the auditor self and not to grant benefits for the client, because it is the auditors who need to provide assurance (Bragg, 2014).
26 3.2.4.2 Substantive Tests
Substantive tests are those activities designed to detect fraud or material misstatement related to transactions or account balances. This test is prepared when the test of controls results in low level reliance of client’s controls or the gathered evidence is not sufficient to form a conclusion. This test will reduce the detection risk by providing evidence about the
appropriateness of the actual account balances (Crous et al., 2012). Substantive tests contain analytical procedures and test of details of account balances, transactions and disclosures. This will be explained hereafter.
Substantive procedures ─ Analytical procedures
AICPA defines analytical procedures as: “evaluations of financial information through analysis of plausible relationship among both financial and nonfinancial data; Analytical procedures also encompass such investigation, as is necessary, of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount” (AICPA, 2012, p. 1). The goal of this procedures is to obtain assurance and to ensure that the audit data are reasonable presented in the financial
statements.
Analytics procedures are performed in four steps. The first step is to develop an independent expectation, and this is also the most important step of the procedures. Auditors can determine an expectation, which can be predicted based on the calculated ratio. The second step is to define a significant difference or threshold, which can be an amount or a percentage. Auditors need a threshold in order to keep the difference within the acceptable level. The threshold should be smaller than the planning materiality in order to ensure that the auditors can still find the potential misstatements. The third step is to compute the difference, which is calculated by a comparison between the expected value of the recorded amounts and the identification of significant difference of step two. The final step is to investigate the significant differences and draw a conclusion about it. It is necessary to conduct further investigation if the difference is significant, because this means the probability of misstatements will increase (Fung, 2010).
To perform analytics procedures precisely, auditors need to pay attention on four key factors. The first one is disaggregation. It is better to disaggregate the analytical procedures, because this provides more precise work; if the analytical procedures are not detailed into levels, than
27 there is some room for misstatement. Thus auditors should apply a professional judgement and experience about the degree of disaggregation of data. The second key factor is data reliability. Auditors should consider the reliability of both internal and external data. The source of data is an important aspect to judge the reliability of these data. For example, the data is reliable when it comes from a person within the company, which does not have any intention to manipulate it. The third factor is predictability. It is recommended to auditors to use non-financial data to predict the account relationships. Based on this, auditors can develop more precise expectations, which result in an increased reliability. The last factor is the type of analytical procedures. Based on the objective, auditors can choose between several types of analytical procedures (Fung, 2010).
Substantive procedures ─ Test of details of account balances, transactions and disclosures The goal of this test is to find errors related to account balances, transactions and disclosures. These tests will be performed by auditors if it is not possible to test the accounts with a precise prediction (PWC, 2013). Test of details include the following:
Test of details of account balances. Auditors test client’s account balances based on the next criteria: Existence – accounts balances are actually existed.
Right & Obligations – entity have the control on the obligations. Completeness – account balances are recorded completely.
Valuation & Allocation – accounts are recorded with the correct amount.
Test of details of transactions. Auditors test client’s transactions to ensure that these are in line with the objectives of the transactions. The transactions are tested on the following criteria: Occurrence – all the transactions have actually happened.
Completeness – all the transactions are recorded. Accuracy – data of transactions are recorded correctly.
Cut-off – transactions are recorded in the correct accounting period. Classification – transactions are recognized by the right accounts.
Test of detail of disclosures. Auditors review the disclosures by test the following criteria: Occurrence – disclosed events are actually happened.
Right & Obligations – disclosed events are pertained to the entity. Classification & Understandability – disclosed information is presented clearly.
28 Accuracy & Valuation – disclosed information is fairly (Whittington & Delaney, 2012).
3.2.5 Finalisation
This is the last phase of audit engagement process. All the results are reported by the auditors, and this will be reviewed through seniors, directors and partners of the audit firm. Some critical matters which are reported, should be resolved. This is the task of both the auditors and the client. Together with the evidence and the findings of the tests, auditors will form a conclusion, which is the base of the auditor opinion (PWC, 2013).
There are two types of audit opinions, namely the unqualified and reservation opinion.
Unqualified opinion consist of a standard unqualified report, which is a clean opinion without any material misstatement, and a modified unqualified report, which is a clean opinion with an added explanation to provide some specific information.
Reservation opinion consists of three types. The first one is the qualified auditor’s report, in which the financial statement is presented fairly with one or more exceptions. The second one is the adverse auditor’s report, in which the financial statement is not presented fairly. The last type is the disclaimer of opinion, the auditors do not give any opinion (Puncel, 2008). Figure 5 provides a clear overview of the different types of audit opinion.
29 After the audit opinion is issued, auditors need to plan a meeting with the client to report the result of the engagement process. Sometimes, auditors also give a suggestion about how to improve the client’s business. Besides this, auditors also need to evaluate their own
performances within the team to improve the weak point during the engagement for the next time.
3.3 Conclusion
This chapter answered the third question, namely what are the audit procedures of a financial auditor. The objective of audit is to obtain reasonable assurance that the financial statements of the client’s company are free from material misstatement, by auditors evaluating financial statements in all material respect, which should be in accordance with an applicable financial reporting framework. Hereby auditors need to be independent from the client, and they are required to use a professional scepticism during the audit process.
Audit engagement processes differ from firm to firm, but in general, audit engagement processes will be divided into five phases: planning, risk assessment, design an audit strategy and plan, gathering evidence and draw conclusion.
In the planning phase, auditors need to decide whether or not to accept the new client. This is dependent on the assessed engagement risk of the client, because a high risk client can bring some negative impact to the audit firm. Besides this, auditors also need to verify the
compliance of independence requirements to ensure that they are independent of the client. Only then, the controlled financial statements will have value to stakeholders. After this two steps, the planning for the process will be made within the audit team.
In the second phase, auditors will assess the audit risk, which exists of inherent risk, control risk and detection risk. The audit risk should be at an acceptable level in order to avoid litigation risk and reputation loss by giving a wrong opinion on the financial statement. To assess the risk correctly, auditors need to understand the client’s business and industry well. In the third phase, auditors need to set out a strategy and a plan for preparation of the engagement.
In the fourth phase, auditors will gather evidence by performing a test of controls and if necessary substantive procedures. Test of controls are conducted to assess whether the internal controls of the client are sufficient, and to define to what extent the auditor can rely on these controls. By means of substantive tests, error or fraud of material misstatement will
30 be detected by performing some test activities. Substantive procedures exist of two types, analytical procedures and test of details of account balances, transactions and disclosures. By analytical procedures, financial information will be evaluated through analysis of plausible relationship among both financial and nonfinancial data. These will be performed in four steps. Step one is to develop an independent expectation. Step two is to define a significant difference or threshold. The third step is to compute the difference. The last step is to investigate the significant differences and draw a conclusion about it. To perform analytical procedures precisely, auditors need to be alert of disaggregation, data reliability, predictability and the types of analytical procedures.
For the other type of substantive procedures, auditors will test account balances, transactions and disclosures to find the existing errors.
In the last step of the audit engagement process, finalisation, auditors will form an opinion (auditor opinion) based on the gathered evidence. The auditor opinion can be unmodified or modified. After forming the opinion, auditors will come together with the client to discuss the results.
31
4. Applying data analytics in audit procedure
The era for data analytics provides new opportunities for several businesses (Pearson & Wegener, 2013). As defined in chapter two, data analytics is a method to study the historical data, to find a potential trend and analyse this. This should improve the business by gaining knowledge.
In chapter three, the job of financial auditors are explained. Financial audit is an official inspection to systematically examine and verify a firm’s books of account, transaction records etc. Furthermore, the audit engagement process is also discussed extensively.
This chapter will answer the first part of the last sub question: “how can data analytics be applied in the context of an audit procedure?” The data analytics part of chapter two will be further more in depth explained by look at the use of data analytics by Big Four audit firms. This will be combined with the audit engagement process of chapter three to draw a
conclusion about the application of data analytics on audit.
This chapter is structured as follows: in the first paragraph, data analytics will be discussed by means of the descriptions of data analytics according to the Big Four audit firms. This will create an impression about the thoughts on data analytics of these firms. Paragraph two will look at how data analytics can be applied within the audit engagement process to improve this process. Furthermore, the advantages and potential disadvantages will also be discussed. This chapter is written based on the literature review of resources provided by professionals and academic literature.
4.1 Description of data analytics according to Big Four audit firms
In chapter two, a comprehensive understanding about data and data analytics has been obtained by looking at what data is and what data analytics is according to several definitions of literature and business dictionaries. However, the definitions of data analytics within the context of financial audit is not discussed.
In this paragraph, the description of data analytics according to the Big Four audit firms will be discussed and compared. The goal of using these description is to have a more in depth view on how data analytics can be adopted within the audit procedures.
Deloitte defines data analytics as “the practice of using data to drive business strategy and performance. It includes a range of approaches and solutions, from looking backward to evaluate what happened in the past to looking forward to do scenario planning and predictive
32 modelling” (Deloitte, 2015, para. 2). EY uses the following definition: “data analytics is a technique that is used to explore plausible relationship among both financ ial and non-financial data in order to drive greater insight into the operations of entities and the risks that they face” (EY, 2015, para. 1). KPMG defines data analytics as “an analytical process by which insights are extracted from operational, financial, and other forms of electronic data internal of external to the organization” (De Kroon & Karp, 2013, p. 4). Finally, PWC gives the following definition for data analytics: “the discovery and communication of meaningful patterns in data” (Talesara & Harrington, 2014, p. 7).
The descriptions of data analytics between Big Four firms are slightly different. EY explicitly highlights the use of both financial and non-financial data, while the others did not. Table 2 shows the common characteristics of the descriptions.
Compared to the general definitions of data analytics given in chapter two, those definitions highlight more the fact that data analytics will improve the business by supporting the decision making process, while the descriptions of Big Four do not highlight this.
4.2 The use of data analytics within audit
Chapter three named the five phases of the audit engagement process, namely planning, risk assessment, audit strategy and planning, gathering evidence, and finalisation. This paragraph will combine data analytics with the audit engagement process to define at which part of this process analytics can be applied.
With the common characteristics of audit data analytics’ definition in mind, audit data analytics can be applied to analyse and identify the anomalous patterns and outliers in data. Thereby fitting exactly in the process of detecting risk (Byrnes et al., 2014 ). This leads to the
Characteristics Reference
Use data Deloitte, EY, KPMG & PWC
Drive business and strategy Deloitte
Create insight EY, KPMG
Explore relationship/trends EY, PWC
Draw conclusions KPMG
33 conclusion that data analytics may be applied in three out of the five phases of the audit
engagement process, namely planning, risk assessment and gathering evidence (Murphy & Tysiac, 2014).
In the planning phase, auditors use data to assess the engagement risk to decide whether or not to accept the client. This can be conducted by means of a background check of the client, which require auditors to use and analyse the client’s data. Data analytics can improve the way that auditors gain an understanding of the client by comparing the data with industry data or historical data. This will create an extra insight for auditors in the reliability of client’s data (Titera, 2013).
In the risk assessment phase, auditors need to determine the possible risk that the financial statements of the client are misstated after the audit is completed. Auditors will perform this step by obtaining an extensive understanding of the client’s business, environment and industry etc. In this process, auditors will also conduct some data analysis. By the use of data analytics, auditors will gain a better understanding of the client’s business, environment and industry because data analytics has the ability to compare data between companies and its peers (Titera, 2013). Next to this, it will also help auditors to assess the risk of material misstatement. Data analytics creates the ability to combine databases and files, which are sorted, summarized and analysed, and can be used by auditors to view the data from different angles and to identify patterns and trends which are related to error, fraud and outliers. This makes data analytics a great tool for fraud detection and forensic auditing (Audimation Services, n.d.; Whitehouse, 2014).
In the phase of gathering evidence, auditors will perform several tests of client’s internal controls, disclosures of financial statements and documents of third parties etc. Different data will be gathered by auditors and analysed. Here, data analytics can improve the audit evidence to a higher quality, because data analytics is very effective in identifying anomalies. In
practice, the lack of anomalies is insufficient evidence for auditors to conclude that the balance is free of material error (Titera, 2013). Thus, data analytics can be easily applied, for example by detection of duplicates and by reviewing data of Accounts Payable (AP) and Accounts Receivable (AR) (Audimation Services, 2011).
34 As mentioned before, the goal of auditors is to obtain reasonable assurance that the financial statements of the client’s company are free from material misstatement. For this, data analytics can be applied to reach the same or even better level of assurance, being more efficient in time spent, thereby decreasing the cost for audit.
Audit data analytics can provide more assurance than traditional manner of performing audit. The traditional manner to perform audit procedures is to collect a sample of financial or business information (audit sampling), this sample would represent the whole population. For example, by performing a test of details of account balances, transactions and disclosures. Auditors will only use a sample of all the transactions because they cannot test all of them due to the fact that it is very time and money consuming. By using this method, the sampling risk will arise. This is the risk that auditors draw up a wrong conclusion because the selected sample did not accurately represent the population. Thus auditors need to consider how to select samples to minimize the likelihood of sampling risk.
Data analytics can solve this problem by enabling auditors to test all the transactions, rather than just a sample of the population on a more frequent time. Therefore, the need for audit sampling will decline and sampling risk will disappear, which leads to an increase in assurance (Byrnes et al., 2014 ; Johnstone et al., 2015)
Another benefit of applying audit data analytics is that it can be used for continuous auditing (CA). Rezaee et al. (2001) defined CA as: “a systematic process of gathering electronic audit evidence as a reasonable basis to render an opinion on fair presentation of financial statements prepared under the paperless, real-time accounting system” (p. 151). By leveraging modern information technologies, organizations are now able to conduct their business transactions electronically and perform their financial statements on a real-time system. This innovation brings some advantages. First, the cost for audit will decrease due to the fact that auditors can perform a test of detail in a shorter time and the traditional manual examination will be faster because all the information can be assessed from central systems, in which auditors can get the information faster. Second through CA, auditors are able to test the whole population of client’s transactions and data instead of a sample of the population, this will improve the assurance which is mentioned above. Third, the quality of financial audit will improved, because CA allows auditors to have a better understanding of the client’s business and environment (Rezaee et al., 2001).
