AC341

Corporate Governance, Risk Management and

Financial Audit
Topic 4 – Financial Audit: Theory and Practice FA1
Dr Renuka Fernando
Outline – Financial Audit

1. Introduction and theory

2. The audit process
3. Audit quality and expectations gap
4. The audit market
5. Audit regulation
6. Effectiveness of regulation and challenges
Financial Audit – Some questions
• Why bother studying corporate financial audit?
• Why do we need auditors?
• What is the objective of an audit?
• Who regulates audit firms?
Discussion questions
• What is corporate financial audit and why do we need it?
• What new technologies have been introduced to corporate financial
audit over the last 10 years?
• How are these technologies likely to change
• The audit process
• The market for audit?
In answering these questions…

… we will not just consider functional arguments proposed to explain the

existence and form of auditing and the audit market.

We will also engage in a critical analysis of audit by:

• Examining the nexus of power, wealth and political influence of audit

firms which leads us to question the apparent neutrality of audit.
• Investigating the drivers and effectiveness of regulation.
• Analyzing factors which have influenced the shape of audit methodology
• Considering the future of audit.
 When you have finished studying this topic in
AC341, you will be able to:
• Say what corporate financial audit is and why exists.
• Disentangle the technical objectives of audit firms from the real
everyday social processes within a firm.
• Describe the power and influence of the Big Four audit firms.
• Assess the structure of the market for audit and say why this matters.
• Evaluate current regulation of audit firms – is it effective?
• Describe recently proposed regulation.
• Discuss how new technology has changed the audit process and the
audit market.
Let’s take a step back
• What is good corporate governance?
• Who is responsible for corporate governance?
• Which agencies support good corporate governance?
Readings
Required reading
• Gray et al. (2019). Chapter 1 & 2
• Sunder (1997). Chapter 8
• Power (1999). Chapter 1 (pp. 1-9)

Optional reading
• Gray et al. (2019). Chapters 2 & 4
• Power (1999). Chapters 2 (pp. 15-20)
Outline
• Reasons for interest in audit: functional and sociological
• The professional and institutional setting of audit
• Theoretical approaches to the study of audit
Outline
• Reasons for interest in audit: functional and sociological
• The professional and institutional setting of audit
• Theoretical approaches to the study of audit
Why are people interested in corporate
financial audit?
Why are people interested in corporate
financial audit?

• Important role in generating trust for investors and capital markets?

• Or something else?
What is Corporate Financial Audit?

• A check or quality control of the financial

statements of a company

• Certification or provision of assurance

• Performed by external, independent parties to

the company being audited

• Statutory - required by law

Traditional audit process
The power of audit

Some income statistics (2018):

• Malta - $12.54 billion

• Cyprus- $ 21.65 billion

• Big Four - $ 148.2 billion (Source: WSJ 2018)

Why are Auditors Needed?

• Independent opinion on truth & fairness of FS

(Monitoring/Stewardship)

• Credibility of FS for decision-making (Information hypothesis)

• Joint liablility with the directors for material errors if negligent

(Insurance hypothesis/risk-sharing)

• Provide advice on internal control and accounting systems

(service to management)
Principal-agent problem
(Remember this from corporate governance?)
• Misalignment of incentives between shareholders and
management
• Asymmetric information (shareholders cannot monitor
management costlessly)
What are the objectives of an audit?
• What do you think?
What are the objectives of an audit?
• APB - ISA (UK and Ireland) 200 (2020):
• “enhance the degree of confidence of intended users in the
financial statements.”
• “the expression of an opinion by the auditor on whether the
financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework.”
• “whether the financial statements are presented fairly, in all
material respects, or give a true and fair view in accordance with
the framework.”
 Limits to the objectives of an audit
• APB - ISA (UK and Ireland) 200:

“reasonable assurance is not an absolute level of

assurance, because there are inherent limitations of an
audit which result in most of the audit evidence on which
the auditor draws conclusions and bases the auditor’s
opinion being persuasive rather than conclusive).

Would you be satisfied with this if you were an investor?

Do the objectives make sense?

• Why is it only an opinion, not a statement of fact?

• What is a true and fair view?
• Why should auditors be trusted?
• How can an auditor’s work be assessed? We cannot observe
the auditors’ work unless something goes wrong.
Sunder (1997)
• Sunder’s analysis treats the auditor as an individual and not as a
multiagent organization.
• Auditors are profit-seeking (non-audit services most profitable way of
leveraging on their reputation).
• Trade-off between maximizing profit (limiting resources expended)
and the risk of litigation/ reputational damage.
• Personal relationships are an important marketing instrument.
Who has an interest in audit?
• Shareholders
• Potential shareholders
• Creditors (lenders)
• Suppliers
• Employees/unions
• Community/activist groups
• Government (taxation)
Outline
• Reasons for interest in audit: functional and sociological
• The professional and institutional setting of audit
• Theoretical approaches to the study of audit
Who regulates audit in the UK?
• Statute
• Companies Act 2006
• Companies (Audit, Investigations and Community
Enterprise) Act 2004
• Case Law, e.g. Caparo v Dickman, Bannerman
• Corporate governance code
• Financial Reporting Council (FRC) … endorses
standards and conduct requirements (e.g. SAS, ISAs,
training requirements for auditors)
• BUT FRC is being replaced by a new regulator soon!
Companies (Audit, Investigations and
Community Enterprise) Act 2004

• Strengthening of auditors' rights to information from directors

and employees,
• Greater powers for the Financial Reporting Review Panel to
obtain information from auditors
• Community Interest Company provisions
Auditing standards

• UK: International Standard on Auditing (UK)

• International: ISAs (International Auditing and Assurance Standards Board – part

of International Federation of Accountants)

• US: Statements on Auditing Standards (SAS) by American Institute of Chartered

Public Accountants
Professional audit institutes
AICPA offices, Durham N
Carolina

ICAEW building, London

Differences in professional
qualifications US and UK
• UK ACA
• Generally need a good undergraduate degree (not necessarily
in A&F)
• 15 ICAEW exams and 3-5 years practical work experience with
a firm approved by the institute
• US CPA
• Requirements vary by state
• Degree in A&F or business required
• 4 AICPA exams and 6m to 2 years work experience
Outline
• Reasons for interest in audit: functional and sociological
• The professional and institutional setting of audit
• Theoretical approaches to the study of audit
Theoretical approaches to the study of audit

• Normative
• Agency
• Institutional
Postulates of Auditing (Flint 1988)
Postulates of auditing are a priori hypotheses about the
nature of auditing. Flint formulated seven postulates:
1. A relationship of accountability between parties must exist
2. The subject matter must be remote/complex and important
3. Audit must be independent and free from investigatory and reporting
constraints
4. The subject matter of audit must be verifiable by evidence
5. The audit process requires special skill and exercise of judgement
6. Credibility which is given to financial statements (or other data) as a result of
audit can be clearly expressed and communicated
7. An audit produces an economic or social benefit
Agency Theory – problems of asymmetric information

• Moral hazard - managers act in a way which is

inconsistent with investors’ wishes. Auditing
provides monitoring/reduces asymmetry of
information. (But: Is the auditor free of moral
hazard? Is the auditor independent?)
• Adverse selection – decision-relevant
information may not be reflected in the
accounts. Auditing is seen as a means to
signal the quality of the accounting
information.
Institutional Approaches
• Emphasise the wider social, political and
cultural context in which audits are carried out:

• Describes the operational reality of the audit

process i.e. the day-to-day audit practices.
• How do rules, rituals and conventions affect
what auditors do?
• How are audit judgements formed?
• How do social factors influence audit
processes, interactions with colleagues,
management and others?
Is audit a purely technical activity?
• Auditing can be highly politicised, shaped by the wider social and
institutional environment.

• Audit objectives are contested - there is no precise agreement about

what auditing is.

• Official audit definitions are often idealised and normative, and fail to
describe accurately what audits can deliver (see Power 1999).
What is the reality of audit for audit staff?
• Projects are undertaken by hierarchical teams.
• Audit managers are responsible for bringing the audit in on
budget (paid overtime vs reputation)
• Promotion depends on performance (trade-off between risk
of mistakes and profitability).
• On the job training, affiliation with firm rather than
professional body.
• Promotion to partner depends on more than technical skill.
• Partners increasingly doing more marketing work due to
regulation requiring more retendering.
A more philosophical view: The Audit Society

“The more one thinks about it, the more apparent it is that the
imperative ‘never trust, always check’ could not be a universalizable
principle of social order… If we start hiring a private detective to follow
the private detective who is following a lover, when does the need for
checking stop?... In the end checking itself requires trust; the two
concepts are not mutually exclusive.’’ (Power, 1999, pg. 2)
Discussion questions
• What is corporate financial audit and why do we need it?
• What new technologies have been introduced to corporate financial
audit over the last 10 years?
• How are these technologies likely to change
• The audit process
• The market for audit?
What is corporate financial audit and
why do we need it?
What have we covered?

• Reasons for interest in audit: functional and sociological

• The professional and institutional setting of audit
• Theoretical approaches to the study of audit
How does this fit in to the topic of
Financial Audit?
1. Introduction and theory
2. The audit process
3. Audit quality and expectations gap
4. The audit market
5. Audit regulation
6. Effectiveness of regulation and challenges
 AC341
Corporate Governance, Risk Management and Financial Audit

Topic 4 – Financial Audit - FA2

The audit process
Dr Renuka Fernando
Outline – Financial Audit

1. Introduction and theory

2. The audit process
3. Audit quality and expectations gap
4. The audit market
5. Audit regulation
6. Effectiveness of regulation and challenges
Financial Audit - The Audit Process
The audit process - readings
Required reading
• Gray et al. (2019). Chapters 5 & 6
• FRC (2017). ‘Audit quality thematic review: The use of data analytics in the audit of financial statements’.
(pages 5- 21)

Optional reading
• Yoon, Hoogfuin and Zhang (2015). ‘Big data as complementary audit evidence.’ Accounting Horizons 29 (2):
431-438
• Gray et al. (2019). Chapters 13, 14 & 15
• Knechel (2007). ‘The business risk audit: Origins, obstacles and opportunities’ Accounting, Organizations and
Society 32 (4/5): 383-408
• Salterio (2012). ‘Fifteen years in the trenches: Auditor-client negotiations exposed and explored’. Accounting
and Finance 52(2012 Suppl):233-286
• Scoping out the audit of the future (2017). AccountingToday
https://www.accountingtoday.com/news/scoping-out-the-audit-of-the-future
Outline - Financial Audit –2

• Audit evidence: reliability, relevance and

materiality
• Risk: assessing audit risk, the AR and BR models
• Reporting the audit opinion
• Technology and audit

51
 Audit Evidence
• Reasonable assurance is obtained when the auditor has obtained
sufficient appropriate audit evidence to reduce audit risk to an
acceptably low level (para A3)

• ISA (UK and Ireland) 500: Auditors need “to design and perform audit
procedures in such a way as to enable the auditor to obtain sufficient
appropriate audit evidence to be able to draw reasonable conclusions
on which to base the auditor’s opinion..” (para 4)

• Gathering evidence requires judgement:

• Is the evidence sufficient?
• Is the evidence appropriate (relevant and reliable).

53
Obtaining audit evidence
Procedures (para 10)
• Risk assessment
• Tests of controls
• Substantive procedures and analytical procedures.

By:
• Inspection (viewing documents, assets)
• Observation (of control processes)
• External confirmation
• Recalculation/reperformance
• Analytical procedures
Reliability and Relevance
Audit evidence tests for
• Existence (of an asset or liability at a given date)
• Validity (the entity has the rights to assets or obligations for
liabilities)
• Occurrence (of transaction or event in relevant period)
• Completeness (no unrecorded assets, liabilities, transactions,
events; no undisclosed items)
• Valuation and measurement (asset or liability at appropriate
carrying value; transaction or event at proper amount and in
proper period)
• Presentation and disclosure
55
Audit evidence is more reliable when:
• it is obtained from independent sources outside the entity.
• there are effective controls over its preparation and maintenance.
• it is obtained directly by the auditor (e.g. observing the application of a
control) rather than indirectly or by inference (for example, asking about the
application of a control).
• it is documentary form rather than oral (for example, a contemporaneously
written record of a meeting is more reliable than a subsequent oral
representation of the matters discussed).
• original documents rather than photocopies or documents that have been
filmed, digitized or otherwise transformed into electronic form.
Challenges in assessing the reliability of audit
evidence
• Non-physical items are hard to value – a reliable measure may be
one that is consistent with a valuation model (Power, 2010) e.g.
pension liabilities, derivatives and non-financial liabilities

• Leads us to question what constitutes competence in today’s world of

auditing (note – Sikka (2009) discussed in video 6 addresses this
issue).

• Can you think of items that might be problematic for auditors?

57
Materiality ISA (UK and Ireland) 200
• The auditor expresses an opinion “on whether the financial
statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework.”

• When is an item material?

• Materiality is a relative measure (involves judgement)
• ISA 320: information is material if its omission or misstatement
could influence the economic decisions of users taken on the
basis of the financial statements.

58
 Materiality definition: ISA 200
• In general, misstatements, including omissions, are considered to be material
if, individually or in the aggregate, they could reasonably be expected to
influence the economic decisions of users taken on the basis of the financial
statements.
• Judgments about materiality are made in the light of surrounding
circumstances, and are affected by the auditor’s perception of the financial
information needs of users of the financial statements, and by the size or
nature of a misstatement, or a combination of both.
• The auditor’s opinion deals with the financial statements as a whole and
therefore the auditor is not responsible for the detection of misstatements
that are not material to the financial statements as a whole. (para 6)
Over to you
• How do you think auditors establish materiality?
Outline - Financial Audit –2

• Planning and the production of audit evidence

• The audit risk model and business risk based audit
approaches
• Reporting
• Technology and audit

62
Changes in Audit Methodology

• Increasing focus on risk assessments and auditors’ procedures in

response to assessed risk.
• Revised ISAs require auditor to obtain a broad understanding of an
entity and its environment, through specific risk assessment
procedures. Audit reports now require disclosure of risks in the
audit.
• The auditor should understand the entity’s business risks (for
example, strategic and operating risks) relevant to financial
reporting.

63
 The Audit Risk Model
• Extent of detailed testing and other work carried out in an audit
depends on level of acceptable audit risk using:
• AR - Audit risk = risk that auditors give inappropriate audit opinion
when financial statements are materially misstated (ISA 200) – auditors
aim to keep this within a tolerable level.
• IR - Inherent Risk = susceptibility to material misstatement irrespective
of internal controls
• CR - Control Risk = risk that material misstatement would not be
prevented or detected by internal controls
• DR - Detection risk = risk that auditors’ substantive procedures
do not detect material misstatement
AR = IR x CR x DR
Problems with the Audit Risk Model
AR = IR x CR x DR

• What is the appropriate level of audit risk?

• Inherent and control risk: Distinction between these
is unclear
• Inherent and control risk: relationship shown overly
simplistic?
• Inevitable subjectivity in interpreting all risks

65
 Increased focus on business risk (Knechel, 2007)
• In the 1980s, risk management was growing and fee pressure existed in audit and “a
shift towards risk and risk management was a logical step in the evolution of audit.”
(pg. 391)
• The audit firm identifies business risks (given the organization’s strategy) and assesses
internal processes for their risk-mitigating capabilities. (pg. 394-395)*
• Business risk audits was viewed as improving audit quality – but also “a tool for
generating opportunities for selling non-audit services?”

Could identifying business risks help identify going concern risk (NB we will discuss going
concern issues in the next video, FA3)

*Knechel (2007). ‘The business risk audit: Origins, obstacles and opportunities’ Accounting,
Organizations and Society 32 (4/5): 383-408 66
Ongoing risk assessment required
“The auditor’s risk identification and assessment process is iterative
and dynamic. The auditor’s understanding of the entity and its
environment, the applicable financial reporting framework, and the
entity’s system of internal control are interdependent with concepts
within the requirements to identify and assess the risks of material
misstatement. In obtaining the understanding required by this ISA (UK),
initial expectations of risks may be developed, which may be further
refined as the auditor progresses through the risk identification and
assessment process.” (paragraph 7, ISA 315, 2020)
Auditor objective with respect to risk
“The objective of the auditor is to identify and assess the risks of
material misstatement, whether due to fraud or error, at the financial
statement and assertion levels thereby providing a basis for designing
and implementing responses to the assessed risks of material
misstatement.” (para 11, ISA 315, 2020)
 Definitions of risk (ISA 315, 2020)
• Assertions: “Representations, explicit or otherwise, with respect to the recognition, measurement,
presentation and disclosure of information in the financial statements which are inherent in management
representing that the financial statements are prepared in accordance with the applicable financial reporting
framework. “
• Business risk: “risk resulting from significant conditions, events, circumstances, actions or inactions that
could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the
setting of inappropriate objectives and strategies.”
• Inherent risk factors: ”Characteristics of events or conditions that affect susceptibility to misstatement,
whether due to fraud or error, of an assertion about a class of transactions, account balance or disclosure,
before consideration of controls. Such factors may be qualitative or quantitative, and include complexity,
subjectivity, change, uncertainty or susceptibility to misstatement due to management bias or other fraud
risk factors.”
• Risks arising from the use of IT: “Susceptibility of information processing controls to ineffective design or
operation, or risks to the integrity of information (i.e., the completeness, accuracy and validity of transactions
and other information) in the entity’s information system, due to ineffective design or operation of controls
in the entity’s IT processes”. NB: this ties into lecture IC2 about the effect of technology in internal controls
and the Pentland and COSO readings.
(paragraph 12, ISA 315, 2020)
ISA 315 (revised 2020)
• The risk assessment procedures shall include the following:
• Inquiries of management and of other appropriate individuals
within the entity, including individuals within the internal audit
function (if the function exists).
• Analytical procedures.
• Observation and inspection.
• Possible sources of business risk:
– new products or services that may fail
– flaws in a product or service that may result in liabilities and
reputational risk.
• Why focus on business risk? Because most business risks will
eventually have an effect on the financial statements. (Para
A38)

71
Analytical procedures – an example
“The auditor may use a spreadsheet to perform a comparison of actual
recorded amounts to budgeted amounts, or may perform a more
advanced procedure by extracting data from the entity’s information
system, and further analyzing this data using visualization techniques to
identify classes of transactions, account balances or disclosures for
which further specific risk assessment procedures may be warranted.”

Para 31, ISA 315, 2020

Scalability of assessment
“When an engagement is carried out by a large engagement team, such as for an audit of group
financial statements, it is not always necessary or practical for the discussion to include all members
in a single discussion (for example, in a multi-location audit), nor is it necessary for all the members
of the engagement team to be informed of all the decisions reached in the discussion.
The engagement partner may discuss matters with key members of the engagement team including,
if considered appropriate, those with specific skills or knowledge, and those responsible for the
audits of components, while delegating discussion with others, taking into account the extent of
communication considered necessary throughout the engagement team.
A communications plan, agreed by the engagement partner, may be useful.”
(para A45, ISA 315, 2020)

Do you agree with this?

Industry risk factors should be noted
• In the construction industry, long-term contracts may involve
significant estimates of revenues and expenses that give rise to risks
of material misstatement. In such cases, it is important that the
engagement team include members with sufficient relevant
knowledge and experience. (para A69, ISA 315, 2020)

Can you think of an example of an audit failure in the construction

industry?
Auditors and technology
Example of IT risks in ISA315 (2020):
• “When there are significant or extensive programming changes to an
IT application to address new or revised reporting requirements of
the applicable financial reporting framework, this may be an indicator
of the complexity of the new requirements and their effect on the
entity’s financial statements. When such extensive programming or
data changes occur, the IT application is also likely to be subject to
risks arising from the use of IT.”

Is this example helpful? If not, why not?

Business risks and inherent risks
Business aspect
New CFO / CEO –
inexperienced in this
industry, aggressive
strategy
Derivative trading
business
Increasing number of
long-term contracts.
Business risk threat Financial statement
(inherent) risk
Intention to introduce Profits / net assets could
new systems, products be materially misstated
or shift strategy (or liabilities
combined with a lack of understated)
experience
May expose the Failure to report
business to volatility in derivatives correctly.
income and net assets
Difficult to assess Accrual of income/costs
completion and costs is subjective and may
accrued. lead to misstatement of
profit.

Source: Brian Pine, ACCA student accountant publication,

May 2008
76
Outline - Financial Audit –2

• Planning and the production of audit evidence

• The audit risk model and business risk based audit
approaches
• Reporting
• Technology and audit

77
Audit report opinion
• Unqualified or qualified (ISA 705): additional explanatory
material may be provided (ISA 706: “emphasis of matter
paragraphs”; “other matter paragraphs”) describing e.g.
‘fundamental uncertainty’
• Modified:
• ‘Except for’ opinion: misstatements in the FS are material,
but not pervasive
• Adverse opinion: misstatements are both material and
pervasive to the financial statements (fundamental to users’)
• Disclaimer of opinion: insufficient evidence for opinion

79
• The auditor shall express an unmodified opinion when the auditor
concludes that the financial statements are prepared, in all material
respects, in accordance with the applicable financial reporting
framework.
• If the auditor: (a) concludes that, based on the audit evidence
obtained, the financial statements as a whole are not free from
material misstatement; or (b) is unable to obtain sufficient
appropriate audit evidence to conclude that the financial statements
as a whole are free from material misstatement, the auditor shall
modify the opopinion in the auditor's report in accordance with ISA
(UK) 705 (Revised June 2016).
Content of audit report (ISA 700)
Auditors reporting on companies which apply the UK
Corporate Governance Code to state:
• The scope of the audit and specific risks and materiality
considerations
• Which risks had the greatest effect on:
– The overall audit strategy
– The allocation of resources in the audit
– The efforts of the engagement team
• How they applied the concept of materiality in planning and
performing the audit
82
Issues with audit reporting
A “disappointing aspect…from the perspective of many investors we
have spoken to is the widespread absence of explanations by auditors
of changes in their audit approach, in the level of materiality they
used or in the assessed risks reported from one year to the next.
Although we have found some examples where this type of material is
included, it is very much the exception.”

(FRC Extended auditor’s reports A further review of experience, 2016,

emphasis added)

83
One more issue with the audit process:
The nature of auditor-client relationship

• The auditor co-creates the financial statements and related

disclosures with client management.
• The partners reported that several audit firm and client people were
involved and that the negotiation usually took at least weeks. The
audit firm’s national office technical experts play an important role in
ACM negotiations and the interactions, and interpersonal
relationships within the audit firm were characterized as a
‘professional, collegial, non-adversarial process . . .” (pg. 259-260)
Salterio et. al (2012)

84
Outline - Financial Audit – 2

• Planning and the production of audit evidence

• The audit risk model and business risk based audit
approaches
• Reporting
• Technology and audit

85
Over to you:

• The impact of technology on the audit process over the last 15 years?
• What types of technology do you think are useful?
• What specific activities might be affected and how?
• How has the overall audit process be changed by new technology?
• Do you think this will affect the quality of the audit?

86
CPA Canada and AICPA, 2019

• AI has the potential to significantly impact accounting and assurance

jobs and businesses in the near future — if it has not already.
• Transactional tasks are increasingly being automated.
• Algorithms can identify subtle clues in data sets to pinpoint fraud or
identify new opportunities such as savings, improved efficiency and
profitability, and new market opportunities.
• All this while leveraging and making sense of a large volume of
information coming from multiple sources, commonly referred to as
Big Data.

87
What are the Big 4 +1 doing?
• Deloitte - Omnia AI, a multi-disciplinary practice focused
ondelivery of AI services and solutions.
• EY - machine learning in EY Helix and EY Optix for predictive
analytics, drones for inventory observations and document-
reading and interpretation tools.
• KPMG - Ignite AI toolkit and is working with IBM/Watson.
• PwC - data platforms and is working with H2O.ai, a leading
Silicon Valley company, to develop Audit.ai, which will
provide enhanced capabilities to provide assurance.
• BDO: BDOLexi translation app, using neural network
technology, to manage information in multiple languages
during global audits.
CPA Canada and AICPA (2019)

88
The use of data analytics in the audit of
financial statements’ FRC (2017).
• Analysis of the use of audit data analytics (ADA)
• Data analytics “when used to obtain audit evidence in a financial
statement audit, is the science and art of discovering and analysing
patterns, deviations and inconsistencies, and extracting other useful
information in the data underlying or related to the subject matter of
an audit through analysis, modelling and visualisation for the purpose
of planning and performing the audit.” (para 1.2)
• ADA’s viewed by firms as a way of differentiating their offering to
clients – more pronounced since mandated audit re-tendering (more
in FA5 and FA6)
ADAs used to:
• Compare entity data to externally obtained data (analytical review)
• Test ICs e.g. segregation of duties testing
• Substantive testing:
• Analyse all transactions in a population
• Stratify that population and identify outliers for further examination
• Re-perform calculations relevant to the financial statements
• Match transactions as they pass through a processing cycle
• Manipulate data to assess the impact of different assumptions.
How does ADA contribute to audit
quality?
• Deepens the auditor’s understanding of the entity
• Improves consistency and central oversight in group audits
• Enables focused audit testing on high risk areas (e.g. fraud – and
operationalising scepticism)
• Enables tests on large or complex datasets quickly and accurately
• Enhances communications with audit committees
Key findings
• Use of ADA overstated - Audit firms promote them to meet audit
committee expectations and to win competitive tenders.
• One case where ADA intended only to provide insight to the audit committee.
• Two cases where audit committee reports refer to piloting of ADA by audit firm even
though no audit evidence is actually being produced with the tools.
• ADAs can improve audit quality - Thoughtful use of ADA techniques can
provide audit evidence that is more focused to the audit risks and provide
useful insights to an entity’s management and the audit committee.
• Staff competent in ADAs necessary - dedicated support is required.
Evidence found of auditors not able to understand the extent of the
application of ADA tools.
Big data as complementary audit evidence
(Yoon et. al, 2015)
• Pattern recognition, data mining, visualization, predictive modelling,
and natural language processing are used by auditors.
• Such data analysis can supplement otherwise insufficient or
unreliable evidence (e.g. if the client’s internal information is
inaccessible or unreliable, e.g. mangement sales forecasts).
• Can identify risks of fraud/going concern by text mining of employee
emails.
• GPS data to identify inventory shipments rather than shipping
documents.

93
Advantages/disadvantages of big data (Yoon et.
al, 2015)
• Advantages:
• Timely, cheap, conducted remotely
• Hard to tamper with the data, whole population
• Independent i.e. from external sources (market, news articles, analysts
reports) as benchmarks for analytical review
• Disadvantages
• Data quality and interpretation (unstructured data, potential correlation of
data sources)
• Integration: developing bridges with client data
• Privacy issues and data security

94
Technology in audit, FT August 3, 2015

• Auditors go high-tech to win new business: As competition hots up,

firms are turning to data analytics
• At the heart of the transformation is the ability for auditors to collect,
analyse and test entire data sets, rather than rely on restricted
samples of data as they have in the past.
• “Testing whole populations as opposed to samples in effect allows us
to drain the lake to find the treasure… In the past, the profesion was in
a rowing boat prodding around in the water with an oar.” (pwc
commentator)

95
Big data and audit – the pwc view
• We’re spending more time on the logic and rationale behind
our data queries because we’re spending less time on getting
the data in the first place. And, while we’re able to
concentrate more on business processes and testing, we’re
spending much less time at client sites.
• For our talent, this means less rote work (finding documents)
and more substantive experiences (analyzing and testing the
data) earlier on. It also means a greater ability to work where
they want, which is something our millennial talent prizes.
http://www.pwc.com/us/en/press-releases/2016/pwc-audit-through-innovation-press-
release.html

96
KPMG’s investment in data analytics

Tony Cates, UK Head of Audit, KPMG (Feb 2015):

• Use of proprietary predictive models to support lead audit
partners to make judgements on audit issues.
• These tend to involve multiple variables and by developing
predictive models that can process and analyse huge quantities
of complex data simultaneously.

https://www.accountancyage.com/aa/analysis/2396491/ok-computer-audit-embraces-technological-innovation

97
What does audit technology enable firms to do
more efficiently?
• Analyse larger proportion of the population of transactions
• Better analytical review with comparables
• Analyse entire sets of journal entries to check for anomolies (e.g.
posting at weekends, by unexpected people, or with particular digits
in the transaction value e.g. just below financial authority cut-offs)
• Social media – finding information on potential contingent liabilities
e.g brand damage, environmental issues and pending litigation

98
Blockchain

• A distributed ledger that is openly available with negligible costs.

• A source of trust – cannot tamper with blockchain
• Evidence of existence
• But what does blockchain not provide?

99
Possible issues with new audit technology

• Will technology necessarily improve audit quality?

• If no why not?
• Does technology serve to differentiate the Big4 offering?
• What are the likely effects on the audit market?
• Who benefits from cost reduction?
• Crowding out of judgement?
• Data security issues?
• Complex integration of data sources

100
Understanding change in Audit Technology

• Dynamics of change are rarely linear nor explicable purely as the

result of learning and technical progress

• Changes in audit technology cannot be understood in isolation from

wider developments in the institutional, political, social and economic
environment of auditors.

101
Discussion questions
• What is corporate financial audit and why do we need it?
• What new technologies have been introduced to corporate financial
audit over the last 10 years?
• How are these technologies likely to change
• The audit process
• The market for audit?
Bibliography
• Knechel, W. R. (2007). The business risk audit: Origins, obstacles and opportunities.
Accounting, Organizations and Society, 32(4), 383–408.
https://doi.org/10.1016/j.aos.2006.09.005
• Yoon, Hoogfuin and Zhang (2015). ‘Big data as complementary audit evidence.’
Accounting Horizons 29 (2): 431-438 Artificial intelligence and the future of accountancy
(2018) ICAEW, IT Faculty
• CPA Canada and AICPA (2019). ‘A CPA’s introduction to AI: From Algorithms to Deep
Learning – what you need to know’.
• Sikka, P. (2009). Financial Crisis and the Silence of the Auditors. Accounting,
Organizations and Society, 34, 868–873.
• Salterio, S (2012). Fifteen years in the trenches: Auditor–client negotiations exposed and
explored. Accounting and Finance 52 (2012 Suppl.) 233–286