Friday, November 5, 2010

Rutgers WCAS - Advancing Audit Analytics. Key learnings

Session Moderated by Trevor Stewart (Retired Partner, Deloitte)

Panelists:

Dr. Rod Brennan (Siemens - Risk & Internal Control Officer)
Mark Loizeaux (Deloitte - Assurance National Office)
Amy Pawlicki (AICPA - Business Reporting and XBRL)
Phil Wedemeyer (Grant Thornton, Assurance National Office)

Key Learnings:
  • Now that the SOX windfall is over for the large accounting firms, external audit fees are returning to the trends of fixed price work. Hence, external auditing firms are strongly encouraging their clients to increase the use of CA and data analysis, so they can review those results and gain greater assurance in the same or less number of hours.
  • Knowledge of data analytics varies widely among the audit teams at the largest audit firms. Even members of the most advanced engagement teams in the "best" offices work on very low-tech, (i.e. limited use of data analytics) audits in the same office.
  • Despite internal controls emphasis by the auditing firms and auditing standards, nearly all signing external partners have a greater level of trust in Balance Sheets than other audit procedures.
  • The PCAOB believes that external auditing is a standard, continuous process that must be followed. Departures from standard process should be documented in audit workpapers. Identifying anomalies and explaining them is an integral part of this process.
  • PCAOB Auditing Standards have been expanded to include rigorous guidance on how to do a risk assessment. Data analytics should contribute to this risk assessment.
  • One of the downsides (per the panelists - not IMHO!) of more rigorous analytics is that we are more inclined to find anomalies and errors in financial processes. Having to investigate and explain these anomalies can be very costly. Example: 10,000 exceptions in Travel and Entertainment Expense review cannot practically be investigated and explained.
  • Most auditors don't like graphics as much as columns of numbers, yet their stamina for reviewing columns of numbers isn't good enough. Graphical tools to aid in the interpretation of data is an area of interest for the panelists. We at Visual Risk IQ (emphasis added - Visual is our first name!) agree.
  • Data sources that can be used to aid in continuous assurance are not limited to financial statements or internal systems. External data sources and internal operational system are excellent sources for insights on business risk.
  • Who wants a better audit? Management, or do they want less obtrusive audits? Regulators, or do they want fewer auditor-reported issues? Auditors, or do better audits cause problem during litigation? Maybe investors, but not for greater costs. And investors may not even understand the audits they get now.
  • The issues of connecting financial statements to underlying business processes and recording of transactions is a limitation of the audit profession.
  • Auditors of public companies need to understand materiality from an investor point of view. What do investors depend on to make their investment decisions? Materiality is not merely xx% of revenue or assets for all companies, especially if much of the market cap is based on future revenue or earnings, not historical results.
  • Most losses in market cap relate to failure in strategic risk, not financial risk. So is the emphasis on continuous auditing of financial transactions a flawed model?
  • Internal auditors are challenged to access data that is needed for audit analytics.
More to follow as the Conference progresses...

No comments: