Which of the following data analytics methods should an auditor use to report on actual results?
Show
What are Analytical Procedures?Analytical procedures are a type of evidence used during an audit. These procedures can indicate possible problems with the financial records of a client, which can then be investigated more thoroughly. Analytical procedures involve comparisons of different sets of financial and operational information, to see if historical relationships are continuing forward into the period under review. In most cases, these relationships should remain consistent over time. If not, it can imply that the client’s financial records are incorrect, possibly due to errors or fraudulent reporting activity. Examples of Analytical ProceduresExamples of analytical procedures are as follows:
When the results of these procedures are materially different from expectations, the auditor should discuss them with management. A certain amount of skepticism is needed when having this discussion, since management may not want to spend the time to delve into a detailed explanation, or may be hiding fraudulent behavior. Management responses should be documented, and could be valuable as a baseline when conducting the same analysis in the following year. Auditors are required to engage in analytical procedures as part of an audit engagement. Author: Tommie Singleton So many times, auditors of all types use a computer-generated report to perform some aspect of assurance. For example, financial auditors may pull a computer-generated list of accounts receivable (i.e., subsidiary listing) and use it to confirm receivables. IT auditors sometimes do the same thing with lists of access, logs or other reports relevant to IT audits. A popular use today is to generate data sets (a similar resulting object) to conduct data mining or data analytics. It is tempting to look at a neat report that came from a computer and to have a “leap of faith” as to the veracity and reliability of the information of that report. Standard setters have realized the fallacy of that thinking and have issued guidance to auditors regarding computer-generated reports. The Public Company Accounting Oversight Board (PCAOB) inspection reports show that one major area of deficiency in financial audits of issuers is not gaining assurance regarding the accuracy and completeness of the report’s information. The GoalThe goal has been stated by standard setters. It is the completeness and accuracy of the information in the report upon which the auditor is relying. Accuracy alone is insufficient. One needs to obtain assurance about both the completeness and the accuracy. The US Government Accountability Office (GAO) uses data reliability to refer to the accuracy and completeness of data. They define data reliability as “sufficiently reliable data,” “not sufficiently reliable data” and “data of undetermined reliability.” A determination of data reliability should lead to the assessment of assurance on accuracy and completeness of a computer-generated report from these data, although it may be necessary to couple that with another test for report settings. It is possible for data to be reliable for one particular purpose but not reliable for another because of differences in data fields. Why?Consider the example of a financial audit. The financial auditor might use a key report from the information system (i.e., computer) as the key information or an important audit procedure. In this case, the reliance upon the information is critical to the conclusions about the assertion of the account balance, class of transactions or disclosure being tested. Consider an IT audit. The same result is true. If the IT auditor is using a computer-generated list of credit card charges (or similar financial data), or a list of users and accesses, the conclusion after testing is highly dependent on the accuracy and completeness of the information being used. Therefore, the IT auditor will want to first look at the computer-generated report and figure out why it is appropriate, with specificity, to rely on the report and why the completeness and accuracy of the report is reliable. ProceduresThere are generally two ways to gain assurance for completeness and accuracy. One is to compare the report to information or data external to the system and the other is to compare the report to the internal database. The best way to get assurance from a computer-generated report is to compare it for completeness and accuracy against data/information independent of the computer system. For instance, if the entity produces something and has a standard rate or formula for billing, there is operational data to support the amount reflected in those billings. That information could be used for completeness and accuracy of a listing of billings by making some simple calculations. It is possible external information exists in other repositories as well. Other similar tests would include tests such as the following:
When external information is not readily available, the comparison would need to be the report against the database in the system. The following are examples of how that can be accomplished:
Sometimes a test performed might provide assurance for completeness but not accuracy, and vice versa. For instance, in confirming receivables, the auditor may not have assurance of accuracy and completeness over the list of subsidiary accounts and decide to confirm a high percentage of accounts (for example, 80 percent) as a compensating test. However, that test only confirms accuracy and not completeness. Also, a paperless transaction or system will not have source documents from which to test data or the report. In the case of the latter, internal controls are critical to obtaining assurance about accuracy and completeness. Finally, sometimes one cannot attain sufficient assurance about the accuracy and completeness of the data and report, as indicated by the ratings the GAO uses for data reliability. When that happens, what do auditors do with the report? They select an alternative approach. For instance, there are two ways to confirm receivables. The first, confirmation letters, uses a list of subsidiary accounts. If accuracy and completeness of that list cannot be attained, the alternative confirmation is subsequent payments. ConclusionWith the combined growth in computer-generated reports, and the growing attention by reviewers and standard setters on the accuracy and completeness of reports used in audits, there is a need to understand the situation and to develop a framework for obtaining that assurance. Obviously, the key is to, first, use a valid source for testing and, second, obtain assurance for both. Tommie Singleton, CISA, CGEIT, CPA, is the director of consulting for Carr Riggs & Ingram, a large regional public accounting firm. His duties involve forensic accounting, business valuation, IT assurance and service organization control engagements. Singleton is responsible for recruiting, training, research, support and quality control for those services and the staff that perform them. He is also a former academic, having taught at several universities from 1991 to 2012. Singleton has published numerous articles, coauthored books and made many presentations on IT auditing and fraud. Which of the following comparisons is most useful to an auditor in evaluating the results of an entity's operations?Which of the following comparisons would be most useful to an auditor in evaluating the results of an entity's operations? Current-year revenue to budgeted current-year revenue.
Which of the following is correct relating to the use of data analytics in financial statement auditing?Which of the following is correct relating to the use of data analytics in financial statement auditing? It may result in the audit of an entire population rather than a sample from that population.
Which of the following actions is an analytical procedure that an auditor most likely would use while auditing a company's notes payable?Which of the following actions is an analytical procedure that an auditor most likely would use while auditing a company's notes payable? Ans A. Analytical procedures are the evaluation of financial information through analysis of plausible relationships among both financial and nonfinancial data.
What is the primary objective of analytical procedures performed during the planning stages of an audit?The purpose of applying analytical procedures in planning the audit is to assist in planning the nature, timing, and extent of auditing procedures that will be used to obtain evidential matter for specific account balances or classes of transactions.
|