PCAOB Looks to Add Rules for Auditors on Technology-Assisted Analysis

A rules proposal issued by the Public Company Accounting Oversight Board (PCAOB) on June 26 addresses aspects of designing and performing audit procedures that involve technology-assisted analysis of information contained in electronic format.

The proposal includes changes to update aspects of AS 1105, Audit Evidence, and AS 2301, The Auditor’s Responses to the Risks of Material Misstatement.

“The use of technology by auditors and financial statement preparers never stops evolving, and PCAOB standards must keep up to fulfill our mission to protect investors,” PCAOB Chair Erica Williams said on Monday. “Today’s proposal is another key part of our strategic drive to modernize PCAOB standards.”

Existing PCAOB standards relating to audit evidence and responses to risk were issued by the board in 2010. Since that time, public accounting firms are increasingly obtaining audit evidence by analyzing large volumes of information in electronic format. The proposal is designed to increase the likelihood that audit procedures performed with the use of technology-assisted analysis provide sufficient appropriate audit evidence to support the opinion expressed in the auditor’s report.

The PCAOB said:

Our research indicates that some auditors are expanding their use of technology-assisted analysis (often referred to in practice as “data analysis” or “data analytics”) to perform specific audit procedures that are described in existing AS 1105. These procedures include, for example, inspecting company information in electronic form by examining the correlation between different types of transactions, comparing company information to third-party information, performing analytical procedures by comparing an auditor’s expectation to the company’s recorded balances or transactions, or recalculating company information. Auditors use technology-assisted analysis in many audit areas, including those involving significant risks of material misstatement to financial statements due to error or fraud.

The proposal seeks to improve audit quality by reducing the likelihood that an auditor who uses technology-assisted analysis will issue an opinion without obtaining sufficient appropriate audit evidence. In particular, the proposal would clarify auditor responsibilities in the following areas:

Using reliable information in audit procedures: Technology-assisted analysis often involves analyzing vast amounts of information in electronic format. The proposal would emphasize auditor responsibilities when evaluating the reliability of such information. For example, when auditors test a company’s controls over electronic information, their testing should include controls over the company’s information technology related to such information.
Using audit evidence for multiple purposes: Technology-assisted analysis can be used to provide audit evidence for various purposes in an audit. For example, performing risk assessment procedures when planning an audit and performing substantive procedures in response to the auditor’s risk assessment. The proposal would specify that if an auditor uses audit evidence from an audit procedure for more than one purpose, the auditor should design and perform the procedure to achieve each of the relevant objectives.
Designing and performing substantive procedures: When designing and performing substantive procedures, auditors can use technology-assisted analysis to identify transactions and balances that meet certain criteria and warrant further investigation. For example, auditors can identify all transactions within an account processed by a certain individual or exceeding a certain amount. The proposal would clarify the factors the auditor should consider as part of that investigation, including whether the identified items represent a misstatement or a control deficiency or indicate a need for the auditor to modify its risk assessment or planned procedures.

The deadline for public comment on the rules proposal is Aug. 28.