DATA ANALYTICS :

THE FUTURE OF AUDIT

Institut des Réviseurs d’Entreprises

Institut royal
Instituut van de Bedrijfsrevisoren
Koninklijk Instituut
 The purpose of this publication is to demonstrate that data analytics
techniques are embedded in the audit approach and that data analytics
offers many opportunities to improve the audit quality.
TODAY DATA ANALYTICS TECHNIQUES ARE ALREADY
EMBEDDED IN THE AUDIT APPROACH
Today most of the auditors apply data analytics in their day-to-day audit
activities. The techniques are sometimes basic, in other situations more
complex. Basic analytics procedures are performed through softwares
such as excel that used to sort information (for example top 10 customer
by revenue) and match data from separate sources (for example individual
fixed assets still in use in the fixed assets management system with the
fixed asset as recorded in the general legder). More advanced procedures
involve IT audit techniques and are used, for example, to recalculate the
accuracy of trade receivables ageing balance, to realize a three way
match detail testing, to isolate goods shipped without sales invoice,...

BUT DATA ANALYTICS OFFERS MANY OTHER OPPORTUNITIES

TO IMPROVE AUDIT QUALITY
Data analytics is a key element in the strategy to improve audit quality.
Analytics tools will assist the auditor in the identification of risks through
procedures such as the search for one time vendors, direct expenditure
postings, vendors with payments on multiple bank accounts, duplicated
payments,...

MORE
ADDED VALUE LARGER FROM
AND AUDIT COVERAGE
CREDIBILITY SIMPLE TO
COMPLEX MAXIMISATION
TECHNIQUES OF
PROFFESSIONAL
SKEPTICISM AND
NEW JUDGMENT
SKILLS

DATA BETTER
AUDIT QUALITY
BETTER ANALYTICS
UNDERSTANDING
OF AUDIT
APPROACH

EMBEDDED
IN THE AUDIT
SHIFT APPROACH
TO MORE
EXPERIENCED BETTER BETTER
AUDITORS ANALYSIS OF ANALYSIS OF
AUDITED ENTITY EXCEPTION

DATA ANALYTICS :
THE FUTURE OF AUDIT
1. DATA ANALYTICS, THE FUTURE OF AUDIT
Data analytics (DA) is the process of exa- Will sampling techniques disappear and
mining data sets in order to draw conclu- systematically be replaced by full coverage
sions about the information they contain, of the population? Many questions remain
increasingly with the aid of specialized unanswered. The objective of this docu-
systems and software. Data analytics ment is to provide a high level overview of
technologies and techniques are widely data analytics in the audit approach and to
used in commercial industries to enable provide examples of data analytics audit
organizations to make more-informed procedures. The International Auditing
business decisions and by scientists and and Assurance Standards Board (IAASB)
researchers to verify or disprove scientific is currently evaluating whether and to
models, theories and hypotheses. what extent data analytics should be in-
tegrated into the international standards
With the increasing volume of data in on auditing (ISA’s).
business today, data analytics can be used
as an audit technique to better unders- The way an audit is executed has not
tand and analyze large volumes of data. fundamentally changed in many years, but
Equipped with a more in-depth knowledge now it is time for the audit profession to
of the entity’s business, the auditor is adapt to the new technologies available.
able to focus on items of greater audit
interest. Data analytics may also provide
recommendations to clients.

2. ADVANTAGES AND CHALLENGES

Data analytics enhances audit quality increasingly complex and high-volume be embedded in the audit approach but
because the population tested is larger data environment, the use of technology testing large populations often generates
with the objective that 100 % of the data and data analytics offers opportunities for a high number of exceptions. What is the
is screened. As a result, auditors can ge- the auditor to obtain a more effective and audit conclusion in case of numerous
nerally derive a combination of quality and robust understanding of the entity and its exceptions? Also the “acquisition” of data
value from its use. environment, enhancing the quality of the can take significant time for the audit
auditor’s risk assessment and response. team. The information delivered by the
Data analytics provide an opportunity to The enhanced use of professional skepti- client should be in a format that can be
maximize the effectiveness of the human cism and professional judgment in the audit used by the auditor and this is not always
element. For example, technology solutions process will also impact the attractiveness obvious. The fragmentation of the ERP
can reduce the amount of time dedicated of audit as a career option. systems market is also a hurdle: the for-
to manual analysis, allowing more time mat of information can be different from
to be spent by the auditor on the more Data analytics presents an opportunity for system to system.
judgmental aspects of an analysis Data more valuable and informed engagement
analytics increases the automation in and dialogue with those charged with The use of data analytics in the audit can
the audit process which allows the au- governance within the audited entity. Mo- encompass a wide range of techniques.
ditor to increase his focus on the more dern data analysis methods also support The auditor of the future should be familiar
fundamental audit procedures and the producing more reliable information for with simple data analytics, but also more
more complex and risky areas of audit. The the users. Ultimately, data analytics adds complex data analysis techniques. Data
application of professional skepticism and value to the audit and thus increases the analytics should be embedded in the audit
professional judgment is improved when credibility of the audit. While the benefits approach, not acquiring tools.
the auditor has a robust understanding are clear, data analytics also means new
of the entity and its environment. In an challenges. The analytic techniques should

DATA ANALYTICS :
THE FUTURE OF AUDIT
3. INTEGRATION OF
DATA ANALYTICS IN
THE AUDIT APPROACH
Data analytics is integrated in the audit approach conforming the statistics, this insight can be used for enhanced risk assessment.
International Standards on Auditing (ISAs). Consequently, the ISA It can also be used prior to the performance of the further audit
audit approach remains unchanged. procedures when we have obtained the population and want to
enhance the auditor’s understanding of the population.
Data analytics can be applied throughout the phases of the audit,
including: 3.2 IMPLEMENTATION OF THE AUDIT APPROACH
• Plan the audit. When using data analytics to perform audit procedures, the
• Perform tests of operating effectiveness of control. techniques are more structured than exploratory data analytics
• Perform substantive procedures. and tend to be more mathematical and analytical (e.g., regression
• Evaluate results. analysis).

Data analytics can either be exploratory (plan the audit) or used Using data analytics to perform audit procedures can provide
to perform further audit procedures (i.e., tests of controls and the auditor with sufficient appropriate audit evidence regarding
substantive procedures). the assessed risks. The following types of procedures could be
supported by data analytics:
3.1 PLAN THE AUDIT • Tests of controls.
Exploratory data analysis (EDA) is an approach to analyzing • Tests of details.
data sets to summarize their main characteristics, often with • Substantive analytical procedures.
visual methods. The auditor does a first and general analysis of
the information of the data in order to get preliminary insights Tests of Controls
about the data. It can be used in the planning phase and during Inspection or reperformance of controls — Data analytics may
the risk analysis. It starts with looking at the data and asking be used to test the operating effectiveness of controls through
questions such as: inspection of the data for evidence of the control operating as
• What does the data indicate? designed. In some circumstances, data analytics can also reper-
• Does the data suggest something might have gone wrong? form the control activity itself.
• Where do the risks appear to be?
• Are there potential fraud indicators? Tests of Details
• What assertions should we focus on? Recalculations — Data analytics can be used to perform a recalcu-
• What models and approaches appear to be optimal for lation of an entire population as opposed to only a sample of items.
analytical procedures?
Reconciliations and Roll forwards — Data analytics can be used
Exploratory data analytics are generally used when performing to compare and agree information from multiple sets of data, or
risk assessment procedures, including: to roll forward data from one period to the next.
• Understanding the entity and its environment.
• Identifying and assessing the risks of material misstatement. Substantive Analytical Procedures
• Designing further audit procedures that are tailored to the Regression Analysis — Data analytics can be used to analyze the
risks identified. relationships between variables in the data to identify differences
between recorded amounts and our established expectations that
Population analysis can also be performed through data analytics.
may warrant further investigation.
It can help the auditor design tailored audit procedures by providing
general information about a population (e.g., total distribution of Other
debits/credits, amounts, volume, and timing of transactions) based Data analytics may also be useful in other ways.
on common fields in the general ledger. Depending on the types of

DATA ANALYTICS :
THE FUTURE OF AUDIT
Automation of Manual Procedures — Data analytics may be • Projected Misstatements are our best estimate of missta-
used to perform time-consuming and often tedious manual tements in populations, involving the projection of missta-
audit procedures. tements identified in audit samples to the entire populations
from which the samples were drawn.
Journal Entry Testing to Address the Risk of Management Override
of Controls — Data analytics are often used for testing journal When the auditor performs a data analytics as a test of details to
entries to address the risk of management override of controls test 100 percent of the population, he typically would not identify
through the use of an electronic approach. a projected misstatement because he has not performed an audit
sample. Audit sampling procedures are used to draw inferences
3.3 EVALUATION OF MISSTATEMENTS about the entire population based on the results of testing a
An audit allows the auditor to express an opinion about whether the sample of selected items from the population. This involves
financial statements are free of material misstatement. Because projecting factual misstatements identified in the sampled items
the auditor must limit overall audit risk to a low level, reasonable to the remainder of the population (projected misstatement).
assurance must be at a high level. Stated in mathematical terms, However, when using data analytics as a test of details, there
if audit risk is 5 percent, then the level of assurance is 95 percent. may be circumstances in which the auditor identifies a large
When analyzing exceptions and misstatements, the auditor should number of exceptions such that it is not practical to investigate
always keep in mind that the main objective should be to provide them all individually. If he samples the exceptions and identifies
reasonable assurance. However, data analytics will not lead to a factual misstatement in his sample, and the nature and cause
providing an absolute assurance. of the misstatement is specific to the exception population, it is
appropriate to project the identified misstatement to the population
Deviations identified through data analytics should be analyzed, of exceptions, resulting in a projected misstatement.
sorted and clustered. Part of the deviations can often be justified.
For example, when a system is configured to prevent pricing For example, the use of data analytics as a test of details to
changes, a manual price change is a deviation. However, if the perform a 100 percent match of recorded invoices to a standard
change has been duly approved, there is no issue from an audit price listing. In this example, the invoice prices are automatically
point of view. generated at the time an invoice is created based on the standard
price listing; however, there are circumstances in which deviations
And what if data analytics identifies misstatements? Regardless from the standard price listing may be approved and manually
of the audit technique employed to identify misstatements, once overridden. The results of the data analytic identified a number of
the auditor has established that a misstatement exists, he should exceptions indicating manual overrides from the standard pricing
investigate the nature and cause of any misstatements identified had been applied to invoices. In order to assess whether these
and evaluate their possible effect on the purpose of the audit manual overrides are properly approved, the auditor selects a
procedure and on other areas of the audit. sample of the exceptions to test. Upon investigation of the sample
of exceptions he determines that a portion of them were not
In general, there are 3 different types of misstatements: properly approved and therefore represent factual misstatements
• Factual Misstatements are misstatements about which in the population. It would then be appropriate to extrapolate the
there is no doubt. identified factual misstatement over the remaining population of
• Judgmental Misstatements are differences arising from the exceptions to determine the corresponding projected misstatement
judgments of management concerning accounting estimates within the population.
that the auditor considers unreasonable, or the selection or
application of accounting policies that the auditor considers
inappropriate.

DATA ANALYTICS :
THE FUTURE OF AUDIT
Data analytics tools In analytics, the acquisition of data is key. The information used
The auditor can use classical data analytics tools but also more by the auditor should be validated (for example reconciled to the
sophisticated techniques. general ledger and/or analysis of the period covered for com-
pleteness). Any change made to the base information should be
Below are examples of tools documented.
• Excel Analytics
• ACL – IDEA CaseWare Examples of data analytics routines
• Softwares that can aid in performing analytical procedures by Data analytics can be applied throughout the phases of the audit.
using regression analysis to model the relationship between Please find below some examples of data analytics routines and
an amount being tested and data expected to be predictive considerations per audit phase:
of the amount.

CONTROL OBJECTIVES EXAMPLES

PLAN THE AUDIT

Planning

First inventory of data analytics possibilities. The auditor must ask the following questions:
Today, the auditor always considers the use of data analytics • To what extent are processes supported by an information
techniques in the planning phase. system?
• To what extent are underlying data of transactions available?
The more the core processes are supported by an
• What kind of data analytics might be applied?
information system, the more data analytics possibilities
• Which tools do I have available?
there are.

Evaluation of the data quality of the general ledger whereby To deal with the following topics on the basis of interviews and first
an attempt will be made to check whether the data is procedures:
complete, honest and available for the desired period. • To what extent are controls available that guarantee the
completeness, integrity and availability of underlying data?
We think of examples such as:
• Access to underlying data and the possibility to make changes;
• Review of the underlying data by the client by, among other
things, reconciliation of any subsystems to the general ledger;
• Does the contact (IT manager, financial manager, etc.) have
enough expertise with the client to handle data extraction?

Risk assessment

First analysis of the general ledger to determine the most Through data analytics procedures obtain a first insight into:
important transaction flows within the organization. A good • Type and volume of transactions;
analysis can lead to a better description of the identified risks • Mapping core processes;
and the data analytics possibilities. In total this will lead to a • Checking accounting transactions against expected accounting
more targeted approach to the risks. patterns (example: are all turnover entries booked directly
against the trade receivables? Are there turnover entries which
This data is used, among other things, for the preliminary
do not pass through the sales ledger?)
analytical review.
• Seasonality of transactions;
• Mapping the evolution of relevant KPIs (stock rotation, number
of days of customer credit, etc.)

DATA ANALYTICS :
THE FUTURE OF AUDIT
EXECUTE THE AUDIT
Tests of controls

Perform tests of controls using data analytics Examples include the following tests of controls:
• Analysis of all paid invoices of the fiscal year: approval present?
Timely? Correct person?
• Analysis of credit limits by customers: are there exceedances?
• SOD analysis on Order to Cash Cycle (This data analytics
procedure identifies the sales processing permissions assigned
to each user based on their ERP profile (on the extraction date)
and compares these permissions to pre-defined expectations
for how permissions would normally be assigned to prevent
ERP users having incompatible duties when processing sales
transactions.
• Analysis of access rights of users and possible changes
throughout the fiscal year
• Preparation of the activity-role matrix (which activities relate to
which roles and related statistics)

Substantive procedures

Transaction analysis of various business processes by means Examples include:

of data analytics techniques • Three-way match within the order-to-cash cycle
(This data analytics procedure compares information from the customer invoice
details used to record revenue with the related sales order and delivery document
information within the ERP (i.e., three- way match). The comparison is focused on
the attributes of quantity and price).
• Transaction flow verification: verify whether the actual booking
sequences are aligned with the designed process as described in
our risk assessment.
• Inventory subledger data analysis
(This data analytics routine perform specific subledger data analysis (balance as
per year-end, costing method, manual changes and negative quantities/cost by
inventory category).
• Analysis of payments made after period end
(This data analytics procedure categorizes cash payments recorded subsequent to
the period end through to the Extraction Date. The categorization is done based
on the earlier of the expected delivery date (as recorded on the purchase order) or
delivery date obtained from the underlying invoice or delivery document to which
the payment relates, as cash payments that appear to relate to goods delivered
before the period end or after the period end and also identifies the period in which
the related liability was originally recorded.)

DATA ANALYTICS :
THE FUTURE OF AUDIT
Instituut van de Bedrijfsrevisoren
Institut des Réviseurs d’Entreprises
E. Jacqmainlaan 135/1
1000 Brussels

This paper was prepared by the working group Data Analy-

tics, which is composed of the following members: Olivier
De Bonhome, Erik Gjymshana (technical advisor) Mieke
Jans (prof. University of Hasselt), Daniel Kroes (president),
Marc Marissen, Filip Simpelaere, Jeroen Trumpener and
Sébastien Verachtert

Institut des Réviseurs d’Entreprises

Institut royal
Instituut van de Bedrijfsrevisoren
Koninklijk Instituut