The Auditor’s Perspective
From the perspective of an auditor, the rise of D&A does not represent a fundamental shift in what we do. At its core, our business has always been about the analysis of data — auditors have been collecting and analyzing data, and providing conclusions on it since the beginning of our profession.
While the concepts aren’t new, the quantity of information D&A tools are able to handle, and the speed with which they are able to do so, is unprecedented. The historical manual audit moved at the speed of paper, with teams performing procedures over a sample of transactions that often required significant manual effort by both company staff and external auditors.
Going forward, auditors will be able to analyze much larger data sets – including up to 100% of transactions – rather than relying solely on a random sampling. Being able to extract and analyze complete data sets helps auditors gain more visibility across complicated organizational structures and supports their ability to identify outliers and anomalies so they can concentrate their effort in the areas of highest risk and reporting complexity.
At the same time though, embracing the power of D&A is essential to auditors performing our duties as stewards of the capital markets. Audit quality is always our number one priority, and the use of D&A techniques on an engagement can drive audit quality in several ways. In addition to the increased depth that comes from D&A-powered analysis of significantly larger data sets, the use of automation for routine transactions increases the scope of financial information subject to testing. Furthermore, the enhanced business insights gained by auditors in a D&A-enabled audit can help them better focus their risk assessments and test work during the audit.
In moving to this new paradigm, audit committees, management and shareholders expect their auditors to keep pace with technological innovation and provide deeper insights based on the new capabilities and data volumes that are available. Audit automation allows for the use of interactive dashboards and powerful visualization tools that can convey the ‘story’ hidden within the data. These tools aid auditors in evaluating account relationships, data patterns and gaining real-time insights on transaction flows.
When we talk to audit committees and members of executive management, we consistently hear that in addition to a quality audit, they are looking for perspectives and insights on their performance, operations and risk exposures. Audit quality and data security will always be top priorities, but we believe audits can deliver new insights in a way that is entirely consistent with confidentiality and independence standards. A recently released Forbes Insights/KPMG report entitled, “Audit 2020: A Focus on Change,” found 53 percent of executives surveyed see data and analytics as transforming how audits are conducted and enhancing audit quality and effectiveness.
The following chart presents a few examples of areas in which the application of D&A in the audit enhances quality and provides valuable insights to auditors and clients on a company’s financial operations.
Internal Audit
The critical role that internal audit plays in the quality of financial reporting is just as pivotal when it comes to D&A. The value of an audit doesn’t solely come from the use of individual tools or the ability to extract data; instead, it comes from auditors applying professional judgment to the information obtained through the use of D&A – and that applies just as much to a company’s internal audit staff as it does to their external auditors.
Investigating and understanding the business reasons behind identified anomalies and exceptions, and helping to map D&A outputs against audit judgments, are critical activities that call for a company’s staff to be as equally engaged as their external auditor. If not already the case in your organization, internal audit should begin to think of itself as a key control over maintaining data quality.
Information Technology
External auditors need an understanding of their clients’ ERP and financial systems not only to audit within a specific company’s IT environment, but also to maintain data confidentiality and security. Therefore, it is incumbent on us, as auditors, to carefully consider the mix of professionals and skills that will be needed, including the increased use of IT and data security specialists. The use of technology will also change the mix of personnel who external auditors work with at their clients. External auditors will be engaging company IT staffs (the linchpin for data extraction and security management) more than before and likely requiring less time from a company’s accountants to pull documents for testing.
It is essential for companies to build strong, well connected accounting and IT teams within their operations. Over the long term, a failure to develop the right mix of data-literate financial executives and finance-literate IT specialists could leave some smaller or less well-resourced companies feeling exposed and unsure about their own systems.
Risk Management
Identifying, understanding and effectively addressing financial and business risks is a fundamental responsibility of audit committees and C-suite executives. External auditors also play an essential role in assessing risk which, in addition to the requirements of an audit, often produce observations that may be useful to management from an operational perspective. Valuable audit insights can be generated by D&A applications that include peer benchmarking and KPI assessment tools. For example, as accounts and underlying transactions are examined, these tools can help analyze typical areas of audit concern such as supplier risk and performance (especially in areas like accounts payable) or, from an operational perspective, how well a company handles its quarterly and annual close processes.
Audit Committee
While audit committee members may not understand D&A capabilities at the same level of detail as a company’s IT and finance professionals, it is essential that they understand the value proposition at work — both in terms of their company’s systems investments, as well as the D&A capabilities of their external auditor. The audit committee should have sufficient insight into the role of D&A in their company’s financial reporting process and external audit to be able to gauge its impact on audit quality while understanding how technology is permanently transforming both their company’s audit and business operations.
In summary, it is imperative that financial executives look past over-hyped ‘big data’ projects and realize the D&A-powered audit is here, and is only going to become more prominent. Going forward, this will become the way audits will be conducted by virtually all major accounting firms, and it’s critical that audit committees and executive management understand where the process is heading, the broad benefits, the essential role that technology will play, and how they can work with their internal and external auditors to effectively prepare for the requirements of tomorrow’s financial reporting environment.
Roger E. O’Donnell, CPA, is a New York-based partner at KPMG LL P, the U.S. audit, tax and advisory firm. He is global head of data & analytics — audit, for KPMG International. KPMG International’s member firms have 162,000 professionals, including more than 9,000 partners, in 155 countries. For more information on Data & Analytics, visit: www.kpmg.com/us/auditDA
Read the full-length article in this month’s edition of Financial Executive Magazine.