Worth mentioning: KPMG's take on the state of tech in the audit profession

In a recent post (as in just this week) on Forbes, KPMG's  James P. Liddy who is the Vice Chair, Audit and Regional Head of Audit, Americas put out a great post that summarizes the current state of analytics in financial audits.

He diplomatically summarizes the current state of the financial audit as "unchanged for more than 80 years since the advent of the classic audit" while stating "[a]dvances in technology and the massive proliferation of available information have created a new landscape for financial reporting. With investors now having access to a seemingly unlimited breadth and depth of information, the need has never been greater for the audit process to evolve by providing deeper and more relevant insights about an organization’s financial condition and performance –while maintaining and continually improving audit quality." [Emphasis added]

For those that have started off our careers in the world of financial audit as professional accountants and then moved to the world of audit analytics or IT risk management, we have always felt that technology could help us to get audits done more efficiently and effectively.

I was actually surprised that he stated that auditors "perform procedures over a relatively small sample of transactions – as few as 30 or 40 – and extrapolate conclusions across a much broader set of data". We usually don't see this kind of openness when it comes to discussing the inner-workings of the profession. However, I think that discussing such fundamentals is inevitable given those outside the profession are embracing big data analytics in "non-financial audits". For example, see this post where I discuss the New York City fire department's use of big data analytics to identify a better audit population when it comes to identifying illegal conversions that are a high risk and need to be evacuated.

For those that take comfort in the regulated nature of the profession as protection of disruption, we should take note of how the regulators are embracing big data analytics. Firstly, the SEC is using RoboCop to better target financial irregularities. Secondly, according to the Wall Street Journal, FINRA is eyeing an automated audit approach to monitoring to risk. The program is known as "Comprehensive Automated Risk Data System" (CARDS). As per FINRA:

"CARDS program will increase FINRA's ability to protect the investing public by utilizing automated analytics on brokerage data to identify problematic sales practice activity. FINRA plans to analyze CARDS data before examining firms on site, thereby identifying risks earlier and shifting work away from the on-site exam process". In the same post, Susan Axelrod, FINRA's Executive Vice President of Regulatory Operations, is quoted as saying "The information collected through CARDS will allow FINRA to run analytics that identify potential "red flags" of sales practice misconduct and help us identify potential business conduct problems with firms, branches and registered representatives".

As a result, I agree with Mr. Libby: sticking to the status quo is no longer a viable strategy for the profession.

UWCISA 8th Biennial Research Symposium: A Unique Experience

Last weekend UWCISA held it's 8th Biennial Research Symposium.

For those who attended, it was a great opportunity to get together and understand what is the leading edge in terms of research in information security, data analytics and assurance issues related to technology. For those that may not be familiar with the conference it is a truly unique format. The Symposium brings academics together to present papers, but also brings together discussants from academia as well as practitioners from the field (click here for the list of papers presented as well as the list of practitioner/academic discussants). It is this unique blend of perspectives that makes the symposium a unique experience.

In prior years, the conference was only on the Friday and Saturday. However, this year the conference included a special XBRL session on the Thursday. This portion of the conference was standalone and actually was sold out! Gerry Trites, head of XBRL Canada, informed the attendees at the conference that over 250 Canadian companies are working to implement XBRL because they file in US GAAP they are effectively forced to produce in XBRL tagged financial statements. He is in the process of pulling together a study that will explore this in greater detail.

On the opening panel, it was interesting to see the different perspectives that were presented about the current state of data and assurance. It really highlighted the challenge of innovation in audit. On the one hand, there is an agreement regarding the tremendous potential that exists due to automate audit tasks and identify issues through analytic techniques. But on the other hand, due to the regulatory nature of audits, there was a consensus that the slow pace that standards change, it will be a while before auditors can take advantage of such techniques. However, the challenge from the audit firm side (as noted by one of presenters) is that the cost or quality advantage gained through R&D will be lost if it is scrutinized and thereby shared with the rest of the audit industry. Another panelists pointed out to another conondrum; can auditors be truly independent of management? His argument was that a more data-driven audit would make the team more objective, which is a more attainable goal.

All in all, it was a great symposium. Special thanks to Efrim Boritz, Lia Boritz, Jenny Thomspson, and the others behind the scenes for getting this mammoth event up and going. Thanks to  Bill Swirsky for keeping us on track and going). And thanks, of course, to the presenters and discussants who presented their papers and views.

See you all in 2 years!