The US’ Public Company Accounting Oversight Board (PCAOB) has issued for public comment a proposal designed to improve audit quality and enhance investor protection by addressing aspects of designing and performing audit procedures that involve technology-assisted analysis of information in electronic form. The proposal includes changes to update aspects of AS 1105, Audit Evidence, and AS 2301, The Auditor’s Responses to the Risks of Material Misstatement.
PCAOB chair Erica Williams said: “The use of technology by auditors and financial statement preparers never stops evolving, and PCAOB standards must keep up to fulfil our mission to protect investors. [This] proposal is another key part of our strategic drive to modernise PCAOB standards.”
Why the PCAOB is proposing these changes
Existing PCAOB standards relating to audit evidence and responses to risk were issued by the Board in 2010. Since then, companies have expanded their use of information systems that maintain large volumes of information in electronic form. As a result, auditors have greater access to large volumes of company-produced and third-party information in electronic form that may potentially serve as audit evidence. Meanwhile, some auditors have greatly expanded their use of data analysis tools.
Although the PCAOB staff’s research indicates that auditors are using technology-assisted analysis in audit procedures, it also indicates that audit quality would benefit if our standards included additional direction addressing specific aspects of designing and performing audit procedures that involve technology-assisted analysis.
What the Proposal Seeks to Achieve
The proposal seeks to improve audit quality by reducing the likelihood that an auditor who uses technology-assisted analysis will issue an opinion without obtaining sufficient appropriate audit evidence. In particular, the proposal aims to bring greater clarity to auditor responsibilities in the following areas:
- Using reliable information in audit procedures: Technology-assisted analysis often involves analysing vast amounts of information in electronic format. The proposal would emphasise auditor responsibilities when evaluating the reliability of such information. For example, when auditors test a company’s controls over electronic information, their testing should include controls over the company’s information technology related to such information.
- Using audit evidence for multiple purposes: Technology-assisted analysis can be used to provide audit evidence for various purposes in an audit. For example, performing risk assessment procedures when planning an audit and performing substantive procedures in response to the auditor’s risk assessment. The proposal would specify that if an auditor uses audit evidence from an audit procedure for more than one purpose, the auditor should design and perform the procedure to achieve each of the relevant objectives.
- Designing and performing substantive procedures: When designing and performing substantive procedures, auditors can use technology-assisted analysis to identify transactions and balances that meet certain criteria and warrant further investigation. For example, auditors can identify all transactions within an account processed by a certain individual or exceeding a certain amount. The proposal would clarify the factors the auditor should consider as part of that investigation, including whether the identified items represent a misstatement or a control deficiency or indicate a need for the auditor to modify its risk assessment or planned procedures.
The public can learn more about submitting comments on PCAOB proposals at the Open for Public Comment page.
Earlier this month, a PCAOB staff report found that the use of crypto assets presents unique audit risks to public companies and broker-dealers and requires an appropriate risk assessment and audit response by audit firms