Or… has technology already changed auditing?
The accounting and auditing world is buzzing with talk of how automation and other technologies will reshape the accounting profession. Oh, how slow this world catches on! The reshape should have already taken place, as both technology and automation have far surpassed the capabilities and knowledge of most auditors.
In an article in the Journal of Accountancy, April 2017, Deloitte audit partner Jon Raphael explains how auditors using technology are changing the way audits are performed. “Exponentials” – or advanced technologies – are a driving force representing technological breakthroughs at the intersection of information technology and science, Raphael writes. And Deloitte is clearly at the forefront of using the technology to enhance audit processes and increase value to their clients.
But this technology is not new. It is a technology that has been available for many years, and the use of that technology should have been required by the American Institute of Certified Public Accountants (AICPA) to be used by auditors. Data analytics and data mining have been used extensively by marketing professionals for over 25 years. FSS learned of these breakthroughs over 20 years ago, and we implemented data analytics in the mid 1990’s to investigate, analyze millions of records, and document and prove fraud.
In a keynote speech I made to the National Association of Advanced Accounting and Auditing Technical Symposium (NAAATS) in July 2010, I emphasized to these professional standards writers that we have the tools to catch a Bernie Madoff, Alan Stanford, Enron, HealthSouth, or just name the fraud scheme – we already have the tools. And as I pointed out, there should be standards enacted by the AICPA to require auditors to know and use them.
Raphael correctly states auditors must monitor and understand emerging trends and technologies such as Bitcoin, or digital currency that uses blockchain technology. As he states, these technologies may present new audit-related risks and opportunities. However, I would ask any auditor: If Bitcoin can be used at some of the world’s largest retailers such as Microsoft, Overstock and Expedia and is recognized as an official currency by Japan and others, wouldn’t you consider bitcoin as an audit risk now? And, should you, as an auditor, understand and design procedures “now” to obviate this audit risk with your client’s business in mind?
With all the technology readily available, I can envision a plaintiff’s attorney asking the expert witness this question: “Did the auditor’s failure to use available technology in its audit of this company violate the standard of care?”
And when it comes to keeping up with technology and innovation, where does the auditor’s liability end when it comes to data breaches; and the auditor’s responsibility to identify the liability a company has to protect company data? Even more concerning is the auditor’s liability for data breaches of the client’s records which reside on the auditor’s computer system. We will look at these perplexing questions in future posts on this blog.