By its very nature, the audit function has to be somewhat conservative and backward-looking -- but that doesn't mean it's immune to change.
In fact, a recent confluence of new regulations and new technological developments -- as well as some much-noted demographic developments -- have set the stage for major changes in the way auditors pursue their craft. We convened a group of experts to examine how these trends are changing the practice of auditing, and how they expect them to play out in the future.
What do you think are the most important developments in auditing over the past few years?
Cindy Fornelli (executive director, Center for Audit Quality): The profession is operating in an active regulatory environment that requires a new level of engagement and the allocation of resources to comply with new standards and rules.
Auditors must navigate a complex, dynamic and interconnected global economy with several regulatory and standard-setting regimes. This environment requires coordinated efforts to audit multinational companies (many operating in emerging markets which often have underdeveloped financial systems), supervision of foreign teams, and enhanced training and education of auditors to raise cultural awareness. The profession is committed to a continuous cycle of improvement.
At the same time, increased risk and complexity has contributed to a sharpened focus on auditor independence, objectivity and skepticism.
Brian Fox (founder and chief marketing officer, Capital Confirmation Inc.): One important development has been the move toward IFRS and the resulting shift to alignment with IAASB standards. Though there is a lot that needs to be thoughtfully considered as we move down this path, with this move, the U.S. is signaling its intent to be internationally relevant within the worldwide accounting and auditing community.
Also, the Millennial Generation's desire from Day One of their employment to be contributing members of the audit team, instead of simple, non-thinking grunts. And the smart ones -- the ones who we all want on our engagement teams -- recognize their ability to switch employers if they aren't given that opportunity.
Chuck Landes (vice president of professional standards and services, American Institute of CPAs): The International Auditing and Assurance Board and the Auditing Standards Board's rewriting of the auditing standards into a clarity format; the Public Company Accounting Oversight Board's enhanced inspections; and improvements in data-mining techniques.
Greg Giugliano (partner-in-charge, National Assurance Practice, Top 100 Firm Marcum LLP): The past few years have seen a multitude of new standards, [but] the substance of the audit remained relatively unchanged. However, there have been some notable exceptions: There has been a favorable change in auditors' communications with audit committees (or those charged with governance); the increased communication is meant to improve auditor independence, by having the auditors deal directly with interested, hopefully independent parties, other than management.
In addition, there have been improvements in the audit standards regarding the auditing of accounting estimates, including fair value estimates; as part of these improvements, there has been an exponential increase in the use of fair value specialists in an audit.
Mark Friedlich (director of publishing, CCH): One of the most important developments is that there is more scrutiny of the profession, including a closer look at audit results, failed companies, emphasis on forensic accounting (auditors' role in detecting fraud), and a move toward criminal liability for audit failure.
What new trends should auditors be watching in the near future?
Landes: Auditor responsibilities around going concern and liquidity risks are going to increase. During this last financial crisis, the profession was challenged as being too late to wave warning signs. As the accounting standards around disclosures change and as auditing standards change, auditors will be required to do more and report on more information about events or circumstances that cast doubts as to an entity's ability to be a going concern.
Fornelli: They should be watching for:
- Changes to the auditor's reporting model and efforts to address investors' desire for auditors to communicate more about what they see during the audit in the audit report;
- The expansion of historical financial reporting to include the six capitals of integrated reporting (financial, manufactured, human, intellectual, nature and social); and,
- More active and engaged audit committee oversight and involvement that will require increased two-way communications between the audit committee and the external auditor.
Friedlich: They should be watching the move to the cloud; the AICPA's recently issued Financial Reporting Framework for Small- and Medium-Sized Entities, and the Financial Accounting Foundation's Private Company Council's work on financial reporting for private companies; and, given projections of retirement of over half of current audit partners over the next few years, the need to recruit and train qualified auditors.
Fox: They should be watching for more creative frauds and ways to hide frauds as those looking to commit fraud take advantage of the technologies available to them.
Social collaboration and shared access to knowledge, even across firms, will also be critical for those who want to keep pace with the continuous changes going on around them. Those who seek to hoard knowledge as a powerbroker will find themselves left out of the conversation.
Giugliano: A recent trend that is likely to continue is the issuance of more prescriptive auditing standards. It is really a dichotomy of events. On the one hand, the standard-setters have had concerns that auditors have been allowed too much judgment, believing such judgment has permitted auditors to take liberties while performing audits, which may have caused auditors to miss accounting irregularities. On the other hand, making the audit requirements more prescriptive has the potential of creating a checklist mentality for the auditor; such a mentality, in my opinion, will decrease audit quality. There needs to be a balance.
Some other trends include: a continued emphasis on professional skepticism; an emphasis on auditing internal controls over financial reporting, even in situations where it might be more effective to utilize a substantive audit approach; an expansion of the auditor's reporting model from a pass/fail to a report that might provide more useful commentary to the user of the financial statements; and continuing to enhance the communications between auditors and the audit committee (or those charged with governance).
How significant an impact has technology had on auditing?
Friedlich: Mobile devices have made access available anytime, anywhere ... and the move to the cloud, Software-as-a-Service, "big data," and the use of mobile devices have increased the effectiveness and efficiency of accounting and the data available to entities and auditors.
Fornelli: It has had a significant impact, resulting in, among things, productivity improvements that include consistent global applications of audit methodologies integrated into a firm's IT, concurrent real-time access to audit work papers, and enhanced communications for audit teams around the globe.
Fox: While it may sound like I'm self-promoting, I honestly believe that one of the most significant developments has been the adoption of electronic confirmations and the resulting frauds that have been caught. For 100 years, the confirmation process had not materially changed. Five years ago, barely 200 small firms and sole practitioners had even tested electronic confirmations. Today, more than 10,000 firms in over 100 countries use electronic confirmations to process over $1 trillion in confirmation data a year.
Giugliano: Most processes have become automated and paper audit evidence is shrinking. Instead of auditing around the system, we need to audit through the system. We are utilizing our own IT experts to test the client's IT systems prior to the financial audit team performing fieldwork. This creates a more effective and efficient audit process. We are able to identify high-risk areas in which more substantive testing may need to be performed, and those low-risk areas where we are able to rely on the integrity of the information produced by the system.
An example of a high-risk area would be an accounting department with excessive access. In this situation, the audit team would pay particular attention to the functions performed within this department. With the increase in reliance on technology, we also are utilizing automated tools that pull network security information straight from the client's server. ...
Another tool set that has become a major part of the audit process is data extraction and analysis software. These tools allow the auditor to test entire populations, rather than a sampling, and allow auditors to perform various tests to develop trend analyses and to detect potential fraud.
In what ways do you expect the impact of technology to change?
Fox: Technology will continue the movement toward "continuous auditing," with more focus for the auditors on finding fraud. While we are still some time away from full-blown continuous auditing at the transaction level, as I see increased adoption of technology tools by the auditors, I believe we will begin to see auditors fundamentally alter their audit testing.
As an example, historically very little audit testing has been performed on quarterly numbers, but today certain audit technologies have improved audit testing efficiency to a level that allows for extensive quarterly as well as random mid-year testing that was unheard of just five to 10 years ago. It also allows us to now test entire populations, instead of small samples. The ability to perform audit testing randomly throughout the year, and from the auditor's office, instead of on-site at the client location, will be a significant result of this as well.
Looking five years down the road, how will the way auditors operate differ from current practice?
Giugliano: Thinking about what auditing will look like five years from now, I would expect to see even more responsibilities placed on the auditor to detect fraudulent financial reporting. One of the tools that I would expect to see developed is software that uses data analytics to detect anomalies. Such software should be able to compare numerous data points related to an entity's financial results to industry averages to highlight statistical outliers. This type of software should be able to identify higher-risk areas that warrant further investigation by the auditor.
Another area that audit firms may have to deal with is the idea of audit quality. Regulators and others will likely develop audit quality benchmarks to assess an accounting firm, and measure firms against these benchmarks. The issue will be whether firms will put more effort into modifying their audit practices to "look good" pursuant to the benchmarks, rather than truly emphasizing audit quality.
Landes: We will see more real-time auditing, which will allow the auditor to test more data without increasing time. We'll also see more testing and opining on non-financial information, and even more specialized skills and use of specialists.
Fornelli: Auditors will provide greater assurance on broader information, and auditor competencies will include a broader skill set. Firms will also develop processes and mechanisms that allow for more flexibility and mobility, which will help with talent recruitment and retention. And the nature of the complex, global economy will increase firms' reliance on specialists, and require auditors to gain greater cultural awareness, language skills, and a broader business IQ.
Fox: In the future, an auditor's major focus will be testing for and identifying fraud, as audit technologies perform more and more of the rote auditing tasks that most of us performed at the staff level. I foresee the day when the CPA Exam adds a fifth section purely focused on fraud, because so much of what the public expects of us as CPAs and auditors is to find fraud, but today we are not trained on fraud at the university level.
Friedlich: As the leading edge of cloud computing moves past SaaS, and as Platform-as-a-Service, Infrastructure-as-a-Service and the use of mobile devices become more prevalent, auditors will need to change how they perform many procedures, from understanding and documenting controls to selecting samples, confirming, and "vouching" and "tracing" tests.
The difficulty in replacing retiring auditors will require more efficiency and increased productivity, resulting in an increase in "offsite" work and more reliance on clients' internal auditors and other client resources.
