The new flavours of auditing

Beyond plain vanilla: the auditor's job is taking on an interesting new flavour.

Innovations in data collecting take auditors' jobs in new directions.

Conducting a routine audit of a client’s financial accounts last year, accountants from PricewaterhouseCoopers (PwC) noticed there were some anomalies in the underlying financial data. These anomalies were thrown up by the specialist interrogation software that PwC was using to provide assurance over the numbers that went into the year-end accounts.

Investigating further, they went back to their client for more information, including the original documentation for the transactions, and discovered that the client had overpaid sales tax by around A$500,000.

The company won a refund from the Australian Taxation Office and fixed its systems to ensure that overpayments wouldn’t occur again. It’s an example of the sort of work that external auditors are doing these days that goes beyond ticking off on the annual accounts.

Around the world there’s a gradual but fundamental shift in the role auditors are playing for their corporate clients. More and more they are being asked to peer through the raw numbers and uncover insights into how a company is being run, its strategy and the efficiency of its business processes.

Auditors are, of course, still required to perform their foremost statutory role – signing off on the company’s accounts for the past financial year – but corporate clients are increasingly expecting them to do more.

“They are definitely expecting insights and value add,” says Valerie Clifford, assurance partner in PwC’s Risk & Quality section.

This change has been helped by the vast amounts of real-time data that companies’ IT systems now capture as a matter of course. It’s not only financial information, but data on payroll, human resources, supply chain systems and intellectual property.

Within their own walls, companies are using this data to conduct continuous internal audits, regularly checking their own controls and doing risk assessments, as well as using “big data” techniques to analyse aspects of the business itself. But the change is also playing out in the role of external auditors. In the past, auditors would check the data that goes into a set of accounts primarily by taking samples and going back to the original transaction to ensure they were accurately recorded and calculated.

It was a laborious process, usually undertaken by teams of recent accounting graduates striving to work their way up to something more interesting.

But these days, in many cases, every piece of data can be checked by specialist software, ensuring more accurate data is in the financial accounts.

“Being able to interrogate a client’s data and being able to provide assurance over an entire population is very valuable,” says Clifford.

Because the preparation of financial reports is becoming more complex and involves more judgement, external auditors are being asked to provide assurance over more of the data that goes into those reports – non-financial as well as financial numbers, she says.

And to help provide that added assurance, audit teams are bringing in experts from other disciplines such as IT, science, engineering and finance. Along with the auditors back at the head office, an audit team might now also comprise a geologist on field at a mine site conducting assurance into an aspect of a resources sector client’s business, or a qualified actuary looking over the exposures of an insurer.

Clifford says that proving assurance over a range of data is becoming more important and challenging as the globalisation of business continues and companies work across international borders. For instance, a bank might outsource its provision of credit cards to a third party. The bank then would hire an auditor to check the security controls of the credit card transactions operated by the third party, and how well it is meeting the service provisions of its contract.

Likewise, as companies move their data offsite and into the cloud, auditors need to check the controls and security around that data to avoid incidents such as leaking customers’ contact details or the loss of financial information.

Professor Robert Knechel, director of the International Center for Research in Accounting and Auditing at the University of Florida, says that as businesses become more complicated, auditors are having to dig through a wider variety of information and data to be able to conduct a full audit.

Auditors need to understand a company’s business plan and its operational strategy. “Back in the early 1990s auditors never paid any attention to that question, they just looked at the transaction flow and the accounts. They never really asked if the numbers they were seeing made any sense in the context of what the organisation was supposed to be doing,” says Knechel.

“The bottom line is the more you know about your client and the more information you have about what they’re actually doing, the less likely you are to be surprised by some really bad circumstance.”
Being able to interrogate a client’s data and being able to provide assurance over an entire population is very valuable.
Because of the nature of the information they discover, auditors can end up in more of an advisory role than they would have previously.

If an auditor finds a control gap, for instance, they can’t just tell the audit committee about the problem. They’re also expected to advise on a solution to that problem.

“Otherwise you’re just handing them a hot potato,” says Mike Trovato, leader for Asia-Pacific Security at Ernst & Young.

Most companies in Australia now expect more from auditors than a “vanilla audit”.

“That basic service is essential, but on top of that there is an expectation – whether it’s the board or the risk committee – that auditors are providing a view on how do we manage better, how do we prevent fraud, how do we manage costs, how do we improve our controls environment?”

The ease with which data can be checked and analysed means auditors can also do more with the information they have at hand, beyond the assurance of data that is required in an audit. They can search for and spot anomalous patterns in payments that no one looking at columns of figures would have been able to spot, perhaps uncovering fraud or overpayments to suppliers.

Trovato says auditors are being asked to benchmark and give insights into clients’ business processes to ensure they’re as good as their competitors. For instance, they might be able to compare the average payment terms for suppliers in the financial services sector with their own clients’ terms and uncover inefficiencies.

They’re also collecting and analysing data to help argue the case for a change in a business strategy or new initiatives. Chief financial officers are relying on their benchmarking as a business improvement tool.

Elsewhere, auditors are analysing complex revenue cycles and highlighting potential risks their clients are exposed to as a result. Once again, the work is often used to help companies refine their systems and processes.

Auditing’s “bipolar” climate

While corporate clients are seeking more from their auditors, the profession is also coming under pressure from investors and governments to pass judgement on the health of a company and its viability.

The pressure arises from what’s known as the “auditing expectation gap”. Users of company accounts, such as investors and creditors, might well interpret the auditors’ claim that the financial statements “present a true and fair view” as a comment on the overall health of the company.

Yet while the auditor may have done everything required of them, the company may still go under, with irate investors and creditors blaming the auditor for not bringing the company’s problems to light.

Auditors can now do so much more than they did in the past, but there are questions on whether audit standards and the financial accounting framework have kept up with the changes.The financial accounting reporting framework was developed in an era when collating and checking data was all done manually.

“It was basically a compromise based on the technology of the time on what you could measure and what you could verify,” says Professor Miklos Vasarhelyi, director of the Accounting Research Center at the Rutgers Business School in the US.

Vasarhelyi says these out-of-date standards are leading to a “bipolar” environment with regard to accounting and auditing. Inside corporations, management can access huge amounts of information. Yet they give only a very narrow set of data to the wider world.

For instance, take the depreciation of a building in a company’s accounts. Vasarhelyi asks why would anyone be interested in how much the building cost 10 years ago and why would the building be depreciated over, say, a 20-year timeline, when that bears no relationship to the life of the building? This information is redundant, given that a real-time valuation can be available with the click of a mouse.

“These days, financial numbers are not very useful. Therefore the assurance and the external auditing are not very useful either, because what’s the purpose of assuring numbers that are not very good?” he asks.

“The measurement today is reasonably far from what the real story is, so auditors are being pressured to do more than their traditional role,” says Vasarhelyi.
The big question is how quickly accounting standards and audit rules will change to catch up with the new reality.

Internationally the profession is heading towards a new “integrated reporting” framework that aims to cut back on the complexity of corporate reporting and give the reader a much better understanding of the company’s business model, its strategy and the types of risks involved.

Developments in International Financial Reporting Standards over recent years have also seen greater approximation and potential subjectivity brought into the domain of financial reporting.

These two developments mean more judgement is required in the preparation of financial reports, and that there are higher demands on the assurance of those reports by auditors.
“That’s an area we focus on as being a very important part of the profession to develop – the ability to provide a clear, valuable assurance opinion around an integrated report,” says Amir Ghandar, audit and assurance policy adviser at CPA Australia.

“If you’re pulling together more information from a broader set of data, including the sustainability report and other non-financial reporting, it’s going to touch on a broader range of expertise and subjectivity. Having the opinion of an independent, competent professional is invaluable for decision makers using the reports.”

Recognising the broader role of auditors, the International Auditing and Assurance Standards Board has revamped standards over the assurance of non-financial information. It seems the role of auditors is evolving rapidly in a changing world, giving them increasing relevance to business in the future.

This article is from the April 2014 issue of INTHEBLACK.

December 2021
December 2021

Read the December 2021 issue of INTHEBLACK magazine.

Each month we select the must-reads from the current issue of INTHEBLACK. Read more now.