The Role of Technology in enhancing audit and assurance in the UK
8 Min Read
May 7, 2023
Audit & Assurance
Advanced analytics, automated processes, blockchain, machine learning (ML), and artificial intelligence (AI) are all concepts that audit professionals must learn and grasp. Companies are adopting emerging technologies rapidly to build interactions and leverage the latest innovations as they have a significant impact in the near future. An audit is a major tool used by boards and C-level management to analyse strategic hazards, and audit chiefs are always involved in upgrading the technology-related capabilities of their audit and assurance team. Despite the use of current technologies has culminated in vast amounts of information being handled by automated systems, COSO guidelines state that managerial principles such as segregation of responsibilities (SoD), record keeping, and independent evaluations remain appropriate and essential.
Technological advancements in the auditing field are altering what an audit is and what it includes. Implementing new technologies has various advantages, including better operational efficiency, higher-quality and more insightful audits, broader financial inclusion, and more informed decision-making processes. Furthermore, the auditor’s function will need to grow since they will need to be familiar with numerous emerging technologies in order to provide higher value-added assurance to their clients. So, how is technology transforming the auditory perspective, and what are the associated risks?
Risk Assessment of Emerging Technologies
Auditors are obligated to provide impartial evaluations during the technology selection process, pilot testing, project execution, and after implementation. Blockchain, AI, RPA, and the Internet of Things (IoT) are examples of modern technologies that mix software modules, databases, communication interfaces, and peripheral components. Auditors need to comprehend the risk inherent in the technology under consideration, and the COBIT and COSO frameworks are equally applicable for examining developing technologies. Neglecting the risk that arises from assessing, choosing, executing, and operating company activities can result in damage to reputation, poor market expansion, and regulatory noncompliance.
Data analytics is a technology that uses raw data to make inferences to help with decision-making. It can be translated into a pre-set, understandable format, making it easier for auditors and clients to spot trends and determine meaning. A substantial number of companies are already using data analytics in their evaluation operations, moving away from traditional sampling approaches. The key advantage of implementing data analytics is that it may offer auditors a more holistic perspective by accounting for the entire population of transactions rather than just a sample. Auditors are expected to provide more lucid insights into high-risk areas, as well as to be more diligent and efficient in detecting irregularities.
The International Auditing and Assurance Standards Board warns against comparing a more complete picture provided by data analytics with omniscience in terms of a company’s financial activities. Data completeness is not guaranteed, and obtaining the necessary approval to access a client’s data may be time-consuming. Furthermore, accessing data from the sub-ledger will increase the task’s intricacy and the amount of data that must be handled.
Machine learning is an artificial intelligence application that utilises algorithms and data to educate a machine to learn without the use of clear and specific guidance. It streamlines the creation of analytical models and uses these models to produce predictions and detect trends in data analysis. Machine learning is a process of iteration, which means that the more relevant information the machine is exposed to, the more effectively it can absorb patterns and recognize them. Programming the machine to identify probable outliers is one example of how machine learning could be utilised in audits. The more cycles the ongoing feedback loop completes, the more feasible it is for the machine to spot anomalies while sifting through vast amounts of data.
The efficiency of machine learning is determined by the data intended to be instructional. Bias can occur when certain features are perceived as more relevant in the lack of context, resulting in skewed results. Furthermore, during the shadowing phase, a machine can pick up on the “bad habits” of a human auditor and repeat their errors.
Also Read: When is a company audit required?
Cloud computing is an established technology that offers cheaper IT expenses, a more flexible operating model, and increased availability. However, it also raises concerns about physical access, data protection, partitioning or separating server and network components, and compliance with applicable regulations and laws. Amazon Web Services, for instance, experienced 36-hour disruptions for more than 70 clients due to technical issues (far above Amazon’s marketing goal of 4.4 hours annually).
Cloud-based system audits ought to adhere to best practices such as the “Security Guidance for Critical Areas of Focus in Cloud Computing V4.0.” These recommendations are organised into 14 domains and align with the NIST model and ISO/IEC standards. They are useful for cloud service providers, their clients, and other stakeholders because they examine cloud models along with associated risks and controls.
Services level agreements/contracts, data confidentiality and security, complying with legal and regulatory standards, cloud security controls, management of access, information communication and preservation, and change management are all risks that cloud computing introduces to companies. To analyse the risk associated with cloud computing, auditors must be knowledgeable of cloud service models, deployment methods, and physical authority over assets. There is less physical oversight over assets and an increasing reliance on external audits to ensure the safety of data.
Artificial intelligence is a machine or system that can process information and learn. It makes prediction decisions using data analysis and innovative algorithms. AI is used in several industries, including hospitality, aerospace, and food and beverage production. Advanced algorithms are created to make decisions based on a pattern or conduct acquired through time.
Internal auditors must concentrate on the rational structure of processes and evaluate the efficacy of algorithms. They must also think about cybersecurity and look for faults and vulnerabilities that can be misused to interfere with AI capability. The AI Auditing Framework developed by the Institute of Internal Auditors (IIA) outlines how to audit AI at various phases of creation and implementation. It is divided into two sections and contains three elements: AI strategy, governance, and the human aspect.
Internet of Things (IoT)
IoT is an innovative technology that auditors should be vigilant about since it can modify the business model, affect the organisation’s strategic objectives, and change the entity’s risk profile. According to Forrester, fraudsters will target Internet of Things (IoT) devices for extortion. Gathering information, data analysis, connectivity, individuals, and processes are essential elements of IoT. This technological innovation alters the business model, has an impact on the company’s goals and objectives, and affects the entity’s risk profile due to exposure to emerging regulations and laws.
The auditors must concentrate on the privacy of data, hacking, service interruptions, and cybersecurity. NISTIR 8228 (Considerations for Managing Internet of Things [IoT] Cybersecurity and Privacy Risks) establishes standards for IoT security and privacy, with three objectives in mind: secure device security, maintain data security, and protect individual privacy. The recommendations define pertinent risks that must be managed as a means to attain these objectives.
Blockchain is a decentralised and unchangeable ledger that records all transactions since its inception. It is resilient to tampering and can be utilised for verifying reported transactions during an audit. The use of blockchain to collect audit evidence, on the other hand, must be qualified. Blockchain technology, which is built on a distributed and decentralised ledger that is encrypted, has been implemented by different industries to tackle company challenges. The blockchain participants authenticate each transaction, resulting in a block of information copied and transmitted to all participants. Despite finance industry opposition, the benefits of blockchain technology are seen in an array of different companies.
ISACA recently launched an audit program to assist in identifying and developing critical regulations, processes, and controls to limit risk and optimise blockchain activities. Insecure APIs, data anonymity and confidentiality, inadequate blockchain application development protocols, and data privacy laws and regulations are all risk considerations linked with blockchain. Auditors must be able to identify whether the data placed on blockchain could expose the organisation to noncompliance liability.
Implications for human auditors
The commoditization of audit and assurance services, as well as the eventual decentralisation of the profession, has resulted from the exponential proliferation of novel technology. Automation is displacing roles that have historically performed routine and managerial chores, but limiting the scope of auditors’ work to merely assessing financial information and verifying would be an insult to the auditing profession.
A strong cognitive skill set is required for success as an auditor. Although technology can do descriptive analysis, artificial intelligence still has a long way to go before it can replace the expert and sensitive assessment of a human auditor. Machine learning methods may require auditors to analyse fewer deviations, but auditors must still assign meaning to irregularities and determine whether they are isolated incidents or indicate a systematic problem. Auditors should strengthen their customer relationships to bring worth to their services.
Need Audit Assurance Service in London, UK?
Auditors are obliged to determine the optimal cost-benefit ratio of internal controls for managing emerging technology. Considering how technology interfaces with a company, how it is controlled, which operations are automated and controlled, and how negative repercussions are handled and tracked are all part of this. They ought to be able to detect the risks that these technologies entail, such as understanding the technological architecture, the system of internal controls developed in the technology, and its connection with the company.
Audit and assurance services are required by businesses of all sizes in the UK, from huge companies to SMEs. Octa Accountants‘ Audit & Assurance services assist you in meeting all legal and financial requirements in the UK. They help mitigate internal and external risks while capitalising on new possibilities. We create customised audit and assurance plans based on the needs of each client.
Schedule a meeting to discuss your requirements and receive a fully customised plan!
Why should you outsource your accounting burden to an accounting firm? Here are the 8 benefits of outsourcing bookkeeping & accounting.