Today, we are engaged in the audit equivalent of DVD-by-mail, moving data from our clients to EY for use by auditors. What we really want is to have intelligent audit appliances that reside within companies’ data centers and stream the results of our proprietary analytics to audit teams. But the technology to accomplish this vision is still in its infancy and, in the interim, we are delivering audit analytics by processing large client data sets within our environment, integrating analytics into our audit approach and getting companies comfortable with the future of audit.
The transition to this future won’t happen overnight. It’s a massive leap to go from traditional audit approaches to one that fully integrates big data and analytics in a seamless manner.
Barriers to integration
There are a number of barriers to the successful integration of big data and analytics into the audit, though they are not insurmountable.
The first is data capture: if auditors are unable to efficiently and cost-effectively capture company data, they will not be able to use analytics in the audit. Companies invest significantly in protecting their data, with multilayered approval processes and technology safeguards. As a result, the process of obtaining client approval for provision of data to the auditors can be time-consuming. In some cases, companies have refused or have been reluctant to provide data, citing security concerns.
Moreover, auditors encounter hundreds of different accounting systems and, in many cases, multiple systems within the same company. Data extraction has not historically been a core competency within audit, and companies don’t necessarily have this competency either. This results in multiple attempts and a lot of back and forth between the company and the auditor on data capture.
Today, extraction of data is primarily focused on general ledger data. However, embracing big data to support the audit will mean obtaining sub-ledger information, such as revenue or procurement-cycle data, for key business processes. This increases the complexity of data extraction and the volumes of data to be processed.
While it is reasonably easy to use descriptive analytics to understand the business and identify potential risk areas, using analytics to produce audit evidence in response to those risks is a lot more difficult. One problem with relying on analytics to produce audit evidence relates to the “black box” nature of the way in which analytics works, with algorithms or rules used to transform data and produce visualizations or reports. When the auditor gets to this stage, they need to find the appropriate balance between applying auditor judgment and relying on the results of these analytics.