Adoption of new technologies, such as big data and artificial intelligence (AI), will transform the accounting and auditing professions in positive ways yet must be paired with robust auditor review and oversight. Donny Shimamoto, CPA, CITP, founder and managing director of an advisory-focused CPA firm, spoke on this topic at the Fall 2023 meeting of the AICPA’s Government Performance and Accountability Committee (GPAC).
According to Shimamoto, big data has four main characteristics: volume, variety, velocity, and veracity (i.e., data uncertainty). When data is entered into accounting software, financial statement users are trusting the report is accurate. Government auditors have an important role: to verify that the original data input agrees to the financial statements and other special reports.
New technologies will also create expanded audit trails. For example, electronic procurement processes automatically document date of purchase, the individual who initiated and approved the purchase, amount of invoice, and date the purchase was received. Having this “time stamped” detail can help auditors identify inconsistencies in a procurement process and answer questions such as, “Does the amount of goods received agree to the purchase amount? Are there segregation of duties issues?” Auditors can focus on these inconsistencies rather than performing random tests across a large population of expenditures. This change in focus will require auditors to understand new technologies and the controls surrounding these processes, as well as document whether they are operating effectively.
Furthermore, AI, in the form of machine learning, can process thousands of data points across a series of scenarios to determine which are relevant, apply the inferred rules to a similar set of data, and predict outcomes. Although machine learning can augment auditors’ work, Shimamoto maintains that auditors need to consider the risks for incorrectly interpreting a transaction. A review process should be in place to ensure the effectiveness of AI procedures, and controls are needed to verify the accuracy of output information. Auditors will need to understand ecosystems of applications and the ways integrations work. System design, as well as both manual and automated controls, must be considered to ensure the veracity and completeness of the data.
AI will not replace auditors, according to Shimamoto, but enhance the services they provide. Audit teams will expand to include information technology specialists and data scientists. Auditors can increase their value to an organization by helping improve governance, risk management, and internal controls related to AI as it is used throughout the organization. Although risk quantifications (data) can help inform risk assessments, professional skepticism and auditor judgement cannot be automated.