Does the current model of the traditional regulatory and statutory audit still make sense in the changing business context? These audits performed by independent and external auditors in line with relevant laws and regulations, require the auditee to submit a set of reporting information, and the auditor to produce their report annually in line with the legislated timelines and to meet stakeholder needs.
The evolved needs of stakeholders
From a legislation and auditing standards perspective, there are specific requirements that an auditor needs to follow to fulfil their external audit objectives, and report. Auditors follow a suitable audit methodology based on the requirements to fulfil their mandate. They then provide their standard audit report weeks or months after the ending of the reporting period, following an extensive risk-based audit process. With the changing dynamics and needs of business, and society, is the current audit process meeting the needs of capital markets and economies? To a large extent, probably yes! However, there is little doubt that many decision makers would do with real-time audit opinions, given the fast pace of business. There is of course the ever-extending discussion on the audit expectation gap, which this may be contributing to. In times of uncertainty, great risks, advancing technology and the fast pace of business, one thing is becoming certain: the need for real-time decision-making in response to complex and changing environments.
Business and the increasing use of technology
A set of audited set of financial statements (on their own) produced months after the financial year-end does not provide the level of insight into the auditee, and the changing circumstances that users and stakeholders expect. Business is aggressively investing in advanced technology to gain market advantage and meet objectives, which requires readily available and reliable information. Banks, inventors, suppliers, the public and even government users could probably do with on-the-go assurance and audit opinions. The undeniable and increasing use of technology in business creates an opportunity to expand, reform or innovate the offering of the audit and assurance function in various ways. A clear and pertinent trend emerging is the shift towards a more continuous and real-time basis of auditing. Most large firms are already providing a service of this nature, through the advisory or internal audit service line of the firm.
Hyperautomation of business systems and the use of artificial intelligence and machine learning, distributed ledgers, and large data sets (used for insights, held as assets, or traded as commodities) – these are examples of complexities auditors are increasingly confronted with during audits. Cloud computing is also enabling better speed for business processes, access to large data sets and seamless reporting. Auditors in turn need to employ equally sophisticated tools and techniques in performing their audit procedures, which include the use of artificial intelligence and machine learning, and a significant focus on data analytics.
The audit response
When it comes to what shape reforms (if any) should take, the answer depends on who you ask. The audit profession’s conservative and cautious after-the-fact ‘stamp of approval’ has been a strength. Rapid changes now mean that at times, using certain technologies a company may be able to produce information that is reliable, accessible, or transparent enough to meet the needs of some users, in real-time. For example, continuing blockchain technology developments can result in a different picture when it comes to reporting, assurance and decision-making in coming years. Changing needs and technology developments will drive change in the role profile of the auditor, how and when they get to their prized opinion.
The timing of the opinion (and probably a lot more) is worth discussion and debate, as the profession evolves. Despite various instances of reported issues related to various audits and audit firms, the rigour and quality of the audit process remain high – it is robust and fundamental for stable organisations and economies. Auditing requirements (and contexts) are based on legislation and auditing standards. The International Auditing and Assurance Standards Board’s (IAASB) standards provide for other assurance and related engagements, with the audit engagement standards now updated for the expanding use of technology. The IAASB is also considering the impact of disruptive technology on the audit profession in both the short and longer term, which will over time inform standard-setting and hopefully the regulatory framework.
The auditing profession continues to innovate and embrace the use of technology, with the IAASB proactively monitoring the technology landscape. The current audit process, however, not only leaves issues undetected for many months but also largely analyses samples with the possibility of data points in the larger population not properly represented (sampling risk). Audits have also historically been human resource-intensive, with limited frequency and depth. With a more contemporary regulatory framework and standards, the use of advanced and smart technology would enable real-time auditing and enhance the relevance and impact of the audit process. Continuous and real-time audits would not replace but likely complement the annual audit, driven by technology and responding to the evolved needs of capital markets. The smart use of technology in the audit process could also result in fewer audit hours and lower fees, and improve the implementation of other parts of the standards (eg those requiring human intelligence). Enhanced value and relevance that meets business needs will ensure auditors are getting to an opinion faster and could improve the recovery of audit fees. There is however a high level of expertise needed and significant investment in setting up the necessary technology.
Real-time assurance may be provided by the internal auditor in certain circumstances, or there may be an option to follow the guidance on other types of engagements (eg agreed-upon procedures); however, the external audit process needs to evolve towards real-time auditing in its own right. During the COVID-19 pandemic lockdowns, as an example, there was a great need the world over (by all users) for timeous and reliable financial and non-financial information. An audit process for a 31 December 2020 financial year-end that was completed during 2021 may have been ‘late to the party’. Supply chain processes, valuations, going concerns and other aspects of business were significantly impacted by the lockdowns, resulting in various challenges and changes. Continuous and real-time auditing that is supported by the right technologies and frameworks in this instance would have ensured the timeous availability of relevant information.
The move towards a technology-enabled audit process is well underway. Large firms will likely transition well, while small and medium practices (SMPs) may struggle to adapt and invest in technology and their people (upskilling). The auditing standards of the IAASB already refer to the increased use of technology by business, while the board continues to monitor developments and disruptions on the technology front, to inform better standard setting. Digital competence (particularly around data analytics) should be a focal point in developing people, to ensure that auditors continue to exercise professional competence and due care on audits. This will also enable auditors to take up new technology roles in audit teams that are emerging as the profession shapes up towards the future. Audit professionals should not only be digitally competent but also agile and flexible enough to adjust as tech changes daily and will differ from client to client.
In the quest for faster, more efficient and more accurate audits, both legislators and standard setters need to keep a close eye on business and technology developments over the coming years, to ensure the continued relevance of the audit function, and to continue meeting the changing needs of stakeholders. Big data created are already forcing auditors to find more effective and efficient methods when auditing. Once a year audits where sampling is used on audit evidence are not sufficient in the modern business environment. Continuous and real-time audits would see a transaction being audited as it is happening or in a very short time, and a report available after the audit − the auditor having performed data analytics and their risk assessment and identifying issues (in the digital environment) in real-time or near real-time.
Msizi Gwala CA(SA), Project Director: Enabling Competencies