The PCAOB has issued for public comment a proposal designed to improve audit quality and enhance investor protection by addressing aspects of designing and performing audit procedures that involve technology-assisted analysis of information in electronic form. The proposal includes changes to update aspects of AS 1105, Audit Evidence, and AS 2301, The Auditor’s Responses to the Risks of Material Misstatement.
Existing PCAOB standards relating to audit evidence and responses to risk were issued by the Board in 2010. Since that time, companies have greatly expanded their use of information systems that maintain large volumes of information in electronic form. As a result, auditors have greater access to large volumes of company-produced and third-party information in electronic form that may potentially serve as audit evidence. Meanwhile, some auditors have greatly expanded their use of data analysis tools.
Although the PCAOB staff’s research indicates that auditors are using technology-assisted analysis in audit procedures, it also indicates that audit quality would benefit if our standards included additional direction addressing specific aspects of designing and performing audit procedures that involve technology-assisted analysis.
The proposal seeks to improve audit quality by reducing the likelihood that an auditor who uses technology-assisted analysis will issue an opinion without obtaining sufficient appropriate audit evidence. In particular, the proposal would bring greater clarity to auditor responsibilities in the following areas:
Using reliable information in audit procedures: Technology-assisted analysis often involves analyzing vast amounts of information in electronic format. The proposal would emphasize auditor responsibilities when evaluating the reliability of such information. For example, when auditors test a company’s controls over electronic information, their testing should include controls over the company’s information technology related to such information.
Using audit evidence for multiple purposes: Technology-assisted analysis can be used to provide audit evidence for various purposes in an audit. For example, performing risk assessment procedures when planning an audit and performing substantive procedures in response to the auditor’s risk assessment. The proposal would specify that if an auditor uses audit evidence from an audit procedure for more than one purpose, the auditor should design and perform the procedure to achieve each of the relevant objectives.
Designing and performing substantive procedures: When designing and performing substantive procedures, auditors can use technology-assisted analysis to identify transactions and balances that meet certain criteria and warrant further investigation. For example, auditors can identify all transactions within an account processed by a certain individual or exceeding a certain amount. The proposal would clarify the factors the auditor should consider as part of that investigation, including whether the identified items represent a misstatement or a control deficiency or indicate a need for the auditor to modify its risk assessment or planned procedures.
Throughout the proposal, the Board requests comment on specific aspects of the proposed amendments. Readers are encouraged to answer these questions, to comment on any aspect of the proposal, and to provide reasoning and relevant data supporting their views.
The public can learn more about submitting comments on PCAOB proposals at the Open for Public Comment page. The deadline for public comment on the proposal is Aug. 28, 2023.