Continuous Auditing – Where we are, how to improve and where we need to go
“At Deloitte we’re investing several hundred million dollars in data analytics and artificial intelligence with some cutting-edge applications that we really believe differentiate us and our audit approach.” 2
Translating Our Mission to Our Audits › Delivering Quality to Stakeholders & a Great Experience to Clients › Engaging the Minds of Our People – Reducing Low- Value Activities & Leveraging Data › Managing Firm Risk & Results – The Value Proposition 3
Considerations Other People & Technology Practice Change & Data Mgmts. Management Impact Quality & Methodology Oversight 4
Capacity to Invest › Consider capacity for investment • National firms (38) with revenues > $100M (excluding international networks) › Combined revenue – $15B › Average – $400M; range: $100M to $2B • International firms (4) › Combined revenue – $52B • Firms #43 to #300 › Fee range: $10M to $99M Source: Inside Public Accounting 2017 IPA 100 firms 5
Building the Future Audit › Established 2016 › Joint venture focused on audit technologies › BKD’s National Director of Assurance Services – June 1, 2017 › Strategic Plan – Audit of the Future, version 1.2 & evolving … › A different client environment at the middle-market 6
AICPA Dynamic Audit Solution › BKD investment, $60M total by major firms › Investment in methodology to advance standards › Done in partnership with a technology partner › Self-disruption to maintain relevance & serve the public & the profession 7
Key Data Advances Require › Ingestion & connection capabilities › Standardized taxonomies or normalizing › Access to data for machine learning › Continued investment in system training (AI) › Human insight › MOST IMPORTANTLY • Ability & interest commensurate to the cost 8
Tools Portfolio of Tools & Human Implications 9
Commonly Deployed Tools › Ledger Systems, Microsoft Office, CAATs • Pros – familiarity, customization, baseline objectives • Cons – functionality limits, customization, limited visualization, limited automation, disaggregated data, version control (& how cloud is changing) • Specific Excel issues › Data integrity & access/control › Advancement – PowerPivot, PowerBI, etc. 10
Integrators & Low-Code Environments › Duplication & inconsistency challenges – particularly with “independent” data • Integrators: Attunity, Informatica, Microsoft, MuleSoft, SAP, SAS, snapLogic › Development to obtain data vs. low-code environments to create systems (build vs. buy) • Providers: Nintext, Appian, Intapp, Agiloft, Amelio • Web-based inquiry & portals 11
Robotic Process Automation (RPA) › A true human threat in low-value activities • Picture a typical AP department • Audit application & current practical limits • Advanced OCR plays a role › “Robots” – a digital workforce, but not physical machines • Repetitive actions or rule-based decision making 12
Artificial Intelligence/Machine Learning › Artificial intelligence – pattern recognition, language processing, predictive analytics, etc. › Flags conditions & identifies options but requires human assistance to obtain the data & interpret final results 13
Internal Audit Example of Control Testing Where are we? What can we improve right now? Where do we need to go? 14
Still Need to Start with Risk!!! › Important to remember to stick to the plan, but be flexible • Risk Assessment • Audit Plans › Risk Assessments • External audit risk assessment • Internal operational risk assessment › Is there a difference? › BE EFFICIENT!!! 15
Internal Control Testing - External External Audit Key Internal Controls Annual approval of compensation policy and approval of pay scale by Compensation Committee is HR-1 documented within signed minutes and through related policy dates. HR associate enters new employee and other changes in payroll records based upon completed HR change form completed by department heads. HR Change forms are signed by department managers HR-2 and reviewed by hiring manager. All new payroll employees must fall within the pre-approved salary range and if outside is approved by the Compensation Committee and documented as such. HR Payroll Manager completes a payroll check back on semi-annual payroll reports to ensure they HR-3 were reviewed before and after final payroll is processed. The check back is supported by sign-offs and retained for audit. Human Resource Information Specialist (HR IS) is alerted when access to Payroll Software is requested, either addition of EE, termination of EE or change in access duties. HR IS reviews and HR-4 sends request to IT specialist through ticket system. Change is documented within the IT Change management system. Quarterly, Director of HR reviews Payroll System access reports. Access reports are reviewed against HR-5 prepopulated duties. Payroll accruals (including payroll wages, taxes, 401k) are made by Finance team member and HR-6 reviewed by a Finance Manager on a monthly basis (account reconciliation). Payroll related financial accounts are reviewed against budget by Finance and reported to the Board of HR-7 Directors. 16
Operational Audits - Internal Operation Audit Procedures 1) Ensure updated policy is within one year or reasonable timeframe 2) Ensure updated policy is stored within Policy share file HR-1 3) Ensure pay scale is stored in secured HR drive and approved within the minutes of the Compensation Committee 1) Agree new EE to W-4, background check and credit report 2) Agree salary, benefits and tax elections to completed forms or on-line portal 3) Ensure personnel file contains resume, completed application 4) Ensure completed fields in HR system agree to approved hiring sheet or fields are terminated with eliminated EE HR-2 5) View all signed hiring / termination sheets 6) Test that payroll changes / new EE pay is within policy and if not is approved by the compensation committee 1) Review payroll reports and view HR Payroll Manager reviewed via electronic signature 2) Test payroll reports that were approved for clerical accuracy HR-3 3) Test that payroll reports were properly recorded to the general ledger 1) From IT change management system select population of requested changes 2) Test sample for proper approval of changes by the HR IS to the IT specialist HR-4 3) Test duties of sampled EE's against standard duties sheet. Obtain explanations for anomalies 1) Obtain quarterly review reports for proper documentation of review by Director of HR HR-5 1) Agree accruals to supporting payroll reports 2) Ensure mathematical accuracy of accrual and reconciliation (including imprest accounts) HR-6 3) Review approval and review by Finance Manager of the payroll account activity 1) Review financial analytical review against budget, including mathematical accuracy HR-7 2) Complete predictive analytic of the payroll accrual balances 17
What Can We Currently Improve? › Complete integration of internal control testing and operation testing › Encouraged for internal control testing to be quarterly if frequency matches › Continuous updates to operation audits in conjunction with internal control testing requirements › Provide value to stakeholders • Can statistical information be added to bring value from a numerical / chart presentation • Be real-time with risk (or as close as possible) 18
Outlook Where Are We Headed/What Can You Do? 19
Today’s Reality › More data available than ever before with less understanding about limitations › Changed expectations vs. limited investments › Beware of or embrace “ s pin?” › Beware of overestimating return & underestimating investment, particularly time › Evaluate change in incremental terms › Human beings (adoption/support) are critical 20
Considerations – Implementing Tech › A solution in response to or in search of a problem? › Simple & elegant? › Scalable & sustainable? › User-focused & human-assisted › Culturally consistent or creating cultural change? › Practical & effective in cost/value assessment? 21
Human Implications › Low-value activities in high-volume environments are ripe for automation • Positive for public accounting • At risk: clerks & other “inputters” › Data that can be ingested & normalized creates significant analysis opportunities › Barriers to conceptual AI potential are difficult — but not impossible — to overcome 22
Audit Considerations › Low-hanging fruit • Cleaning up data (redundancy/efficiency/leverage) › Change • Watch audit standards closely for future implications › Stay informed • Threats to the service – particularly componentization from tech › Invest • Best tools relevant to your client base & challenges 23
Private Company Considerations › Work with IT • Understand reporting capabilities/challenges › Investigate visualization opportunities › Identify low-value/high-volume activities • Efficiency & quality opportunities › Pay attention to the cloud & cybersecurity › Manage audits with better data 24
Recommend
More recommend