How auditors benefit from access to client authorised transactions
Auditors are under more pressure than ever to improve audit quality.
High-profile corporate failures and incoming regulatory changes (such as ISA 240 and ISA 315) are leading to audit firms seeking to reduce their risk by incorporating testing that goes beyond traditional sampling techniques.
This is being driven by technology that can pull in authorised transactional data and through analytics capabilities that identify anomalies and outliers. Over the longer term, there is the potential to move towards sampling 100% of all transactions.
Using technology to do this heavy lifting automates and streamlines processes and allows audit firms to complete work that exceeds human capabilities. It also reduces the time needed to complete jobs and provides a better, more light-touch experience for clients.
The problems today
Until recently, it’s been hard to access client data.
Often clients provide documentation of transactional data in the form of PDF bank statements or downloaded output from their bank accounts or general ledger as CSV or Excel files. Manually sending files over email or uploading them onto servers can pose security risks. Data may be sent to the wrong individuals accidentally or could be intercepted by third parties.
Additionally, data sent to auditors from clients that doesn’t come from source may have been tampered with. For example, bank statement PDFs may have been edited to post incorrect transactions to hide fraudulent ones.
While bank balances are normally confirmed by letters, this process is slow and time-consuming. Writing letters and posting them can drive down the profitability of audits and delay jobs getting completed.
Overall, these processes are arduous and create a poor experience for audit clients who may be under pressure to get their audits signed off from investors and want to reassign internal finance staff to business-as-usual tasks.
What types of transactional data be accessed, and how?
New technological developments and legislation changes now make it possible to access authorised client data directly from the source.
This includes Open Banking, which allows businesses and consumers to have more control over their financial data by allowing them to share it securely with third parties. Open Banking was initially mandated (as part of PSD2) for the nine largest banks in the UK, but many other financial institutions have rolled out similar functionality to their customers. For the first time, audit clients can securely share transactional data from their banks directly with their auditors.
Through Account Information Service Providers (AISPs) accredited audit technology platforms, they can approve and grant access to transactional banking data via Open Banking APIs.
Similarly, these platforms offer access to other types of wallets, including Paypal, prepaid e-wallets, currency transfer and crypto, meaning non-traditional assets can also be taken into account.
What are the benefits of accessing transactional date in this way?
Streamlined client communications
Access to client authorised data through AISP platforms streamlines client communications and audit experience. Requests for transactions from a specific time period or ongoing access can be granted at the click of a button. Also, this removes the risk of clients tampering with transactional data.
Auditors can be confident that they are receiving a secure data stream directly from their clients that is complete and accurate. They can work independently as outstanding transactions will only need to be chased in the rare instances where authorisations need to be renewed either due to lapsing (over 90 days) or from access being revoked.
Accessing client-authorised transactional data is secure as it takes place through platforms rather than less secure methods such as email.
Ongoing read-only access can be granted so auditors can investigate post-balance sheet events, with clients having full control to revoke access at any time.
Generating client-authorised transactions directly from financial institutions through an AISP platform allows auditors to access data in a standardised format across accounts available.
This overcomes the need to manipulate data across various formats, including PDFs, manually entered bank statements and CSV downloads to get them ready for audit tests.
Standardisation also creates opportunities to go beyond traditional audit tests by ingesting data into analytics models. This will be detailed fully in a later post on our blog.
Automated data matching
Many parts of substantive testing relate to cash transactions to check whether payments have been made or received. As well as saving time from data collection, the output can automatically match transactions across the general ledger and bank accounts. The matching should just take a few seconds to run, and manually tracing to the bank becomes a thing of the past. These automation capabilities also enable auditors to increase sample sizes without additional work to increase the scope of audits.
Boost client collaboration and improve audit quality
Access to client-authorised transactional data can boost collaboration as well as improve audit quality. It helps streamline processes and client communications and can reduce resources needed from audit staff, resulting in audits completed to a higher standard with lower costs.
At Circit, we work closely with auditors experiencing the need to verify transactions in their engagements. Through these conversations and working relationships, we developed Circit’s Verified Transactions to provide real-time access to independently verified business transactions. Circit is a directly regulated AISP, adding an extra layer of dependability and security, working directly with auditors to develop and deliver a new standard of quality.
Learn more about how VT can have a huge positive impact in our blog article on Best practice advice for busy season and in our blog on 5 insights on enhancing audit processes with technology.
Alternatively, you can request a demo of Verified Transactions and see it in action yourself.