Week 12 – Contemporary Issues in Auditing

Dr Rita A. Bekoe & Dr Edem E. S. Welbeck

rabekoe@ug.edu.gh & edem.emerald@gmail.com
 Learning Objectives
• Understand CSR audit

• Understand the impact of technology of auditing

• Discuss the current technological issues and its impact on
auditing,
- cyber security
- Data analytics and big data
- block chain
- drones
- auditing SME’s
• Social and Environmental Auditing

Slide 3
 Introduction
• social and environmental issues have become key in modern times, as the
public continue to mount pressure on companies to attend to the effect of
social and environmental matters in the countries where it operates.

• If a company fails to recognise social and environmental problems and is

perceived not to be doing something about them, an entity’s reputation may
be at risk. Reputational risk can have consequences for customer demand for
the entity’s products. Many members of the public may refuse to buy goods
from companies, or invest in the shares of companies, unless those companies
have ‘healthy’ social and environmental policies.
 Introduction
Environmental policies and issues focus on energy consumption, pollution, the use of
natural resources and sustainability of the business, use of re-cycled materials.

Social policies and issues focus on such areas as employee rights (for example, rights to
trade union membership), employee training and development, human rights, child
labour in developing countries, equal opportunities, health and safety matters,
relationship with the local community, supporting local, national and international good
causes.

Many large companies now publish annual social and environmental reports, sometimes
called sustainability reports either as part of the annual report or in a separate
document Slide 5
• The contents of sustainability reports are mostly unregulated. Although the
external auditors may review such reports, the outcome of such reviews are
not included in the audit report non is an opinion expressed on them.

• However, some entities engage external ‘environmental experts’ to review and

report on their environmental reports.

Slide 6
 Environmental Audit
• An environmental audit can be defined as:
– ‘…a management tool, comprising a systematic, objective assessment of how well an entity is performing with the aim of
safeguarding the environment by enhancing management control of environmental practices including compliance with
appropriate legislation and regulations.’

• An environmental audit may be performed by:

– the entity’s external auditors, or
– the internal auditors, or
– external environmental experts.

• An environmental audit involves an assessment of all impacts of the entity’s activities on the environment,
including:
– compliance with environmental regulations, for example on pollution of
– land, water and air
– waste disposal
– recycling policies
– sourcing of raw materials. Slide 7
 Social Audit
• A social audit assesses whether a company has achieved its set social targets
and objectives. For example a company with the objective of investing in its
staff may set a target to provide all staff with a minimum number of hours
training each year. A social audit will provide independent verification that
the company has met this target.

Slide 8
 Audit Evidence for Social & Environmental Audit
• In some European countries, listed companies are required to include some information about
social and environmental risks in their annual business review, but as yet, there are no rules
about what these disclosures should contain.

• Since companies decide what to include in their social and environmental report, the report may
contain very few verifiable numbers and may consist largely of narrative (‘words, not numbers’).

• When social and environmental reports include quantified performance figures, performance is
often reported by comparing actual performance against target for a number of different ‘key
performance indicators’ or KPIs.

• Where there are quantitative information, the figures may be audited to verify that they are
reliable using procedures already discussed to obtain sufficient, appropriate evidence.
Slide 9
• Impact of Technology on Auditing

Slide 10
 Impact of Technology on Auditing
• Technological development increasingly is playing a significant role in the
future prospect of all organisations especially in;
– established organisations who need to modernise their products and business models
to embrace new technology; and
– new organisations whose business models and products are based on modern
technology.
• Organisations must therefore offer online sales and marketing as a route to
marketing – if they don’t they will lose significant customers to competitors
who do.

Slide 11
 Impact of Technology on Audit
• Organisations integrate the internet into their actual products. E.g.
– Traditional face-to-face training courses might be offered as online training products.
– Face-to-face medical and legal advice could be offered by online artificial intelligence
products.
– Music CDs, books and videos are increasingly being replaced by online downloads.
– At the forefront of technology, driverless cars are being heavily tested.
– The use of drones in businesses such as parcel delivery, security and surveying is being
researched.
• Therefore, the technological business risks for practitioners (auditors) in the way
they offer and deliver their professional services, the nature of those services, as
well as the business risks faced by clients that impact a practitioners’ risk and
going concern assessments, must be identified, assessed and managed effectively.
Slide 12
 Cyber-security
• Cyber-attacks on organisations such as theft of confidential data, intellectual property and
design secrets, pose risk to organisations. These cyber-attacks are also becoming more
sophisticated.

• Organisations must embrace cyber-security as a key business risk, and invest

proportionately and robustly in assessing and responding to such risks. If organisations fail
to assess and respond to such risk, they may suffer financial losses from cyber-attacks,
reputational damage, operational disruption, fines and potential loss of licences due to
breach of data security regulations.

• There is the real risk that management may fail to grasp the sheer scale and complexity of
the challenge and subsequently leave their organisation vulnerable to devastating cyber-
attacks.
Slide 13
 Practitioner (auditor)’s Role
Practitioners(auditors) must consider cyber-security from two perspectives:

• Managing cyber-security within their firm. This includes establishing robust systems and operations that
allow staff to work flexibly and remotely, often via the internet and the cloud, whilst safeguarding software,
data and processes.

• Considering the cyber-security risks at a client. This might involve identifying, assessing and responding
appropriately to the audit risks arising from cyber-security, including the potential impact on going concern.

• The practitioner might also offer other assurance services relating to cybersecurity and/or system design
consultancy.

• The practitioner must also consider cyber risk management along an organisation’s supply chain given that
security breaches have occurred because of vulnerabilities in suppliers.
Slide 14
 Data Analytics and Big Data
• Data analytics (DA) describes the use of automated techniques to analyse a
client’s data. The key aim is to help the practitioner(auditor) achieve a more
efficient engagement and add value to their clients.
• One of the key challenges facing the practitioner is how to access a client’s
dataset. The process would normally involve the use of the practitioner’s IT
experts to extract a copy of the client’s data which the practitioner can then
analyse and interrogate.
• A further challenge is the evolution of ‘big data’ and how clients and
practitioners draw value from it. ‘Big data’ describes large or complex data sets
that traditional data processing application software is unable to deal with.

Slide 15
 Auditor’s Use of Data Analytics
• no specific rules when DA can or should be employed.

• In practice, DA is often used during the risk assessment phase of an assurance engagement to
help identify and assess risks. May also be employed during risk response, for example in;
– selecting a sample or recalculating an inventory or irrecoverable debt provision
– data visualisation - presenting data-sets with graphs, pies, clusters, visuals and dashboards to assist in
analysing and understanding the data, e.g. trends by product or region;
– sampling, and in some cases, 100% testing to identify outliers, trends and anomalies;
– recalculating depreciation on PPE by item;
– assessing inventory ageing and the number of days’ inventory held in stock;
– applying external FX rates to calculate the valuation of investments

• DA has been described in some literature as a modern version of CAATs in today’s digital world.
Slide 16
 Blockchain Audit
• Blockchain first arose as the technology behind Bitcoin.

• Blockchain technology allows two parties who do not know each other to transact without
using a trusted intermediary (such as banks) thereby cutting transaction costs. It does this by
offering internet-based ledgers which readily has information accessible to the parties.

• A blockchain audit allows auditors to test all transactions in the blockchain, rather than
perform substantive testing on a sample basis as is currently done with a traditional ledger,
thus increasing the assurance level.

• The audit may even be able to be automated for more routine transactions increasing the
efficiency of the audit process.
Slide 17
 Drones
• Using drones in auditing is another recent technological development. Used in
a very small number of audits especially for the audit of inventory.
• Drones can be used to audit items stored over a large area outdoors such as
cars or timber. The drone can cover a much larger area in a shorter time than a
human auditor thus increasing the efficiency of the audit.
• They can also be used to scan or film inventory being stored high up in
warehouses which would otherwise be difficult for the auditor to access.
• As time passes, the tools and mechanics employed in performing an audit will
continue to evolve as technology advances. The expectation is that over time
much of the routine work performed by audit juniors will be automated.
Slide 18
 Audit for Small Entities
• Audits may be conducted in small entities using same audit approach and giving an
opinion.
• Whiles in some countries (UK, USA) small entities are exempt from undertaking
statutory audits, for Ghana all companies are required to submit audited financial
statements
• For practical purposes however, the nature of audit proceedures applicable depends
on whether the entity being audited is large or small and whether it is complex or
relatively simple.
• The requirements of the ISAs, therefore, focus on matters that the auditor needs to
address in an audit and do not ordinarily detail the specific procedures that the
auditor should perform based on the size of the company.
Slide 19
 Value for Money in public sector
• MMDA, MDAs adhere to procurement processes outlined in the law. Do these
processes enhance value for money?

Slide 20
 Artificial Intelligence
• https://home.kpmg/xx/en/home/insights/2020/12/the-shape-of-ai-
governance-to-come.html

Slide 21
 Assignment
• Covid 19 has brought with it challenges for companies as well as audit firms.
Choose an audit firm. Based on your knowledge in auditing and referring to
literature, write a 1000 word paper on which aspects of the audit process
has been most affected in the wake of covid 19; the risk and opportunities
for the chosen audit firm; what strategies the audit firm is deploying to
ensure quality of the audit and assessment of going concern.
• Submission date: 25th March, 2021 at 5.00pm to edem.emerald@gmail.com
• Presentation: 25th March, 2021
• Submit your word document and powerpoint presentation.

Slide 22