In July 2013 the AICPA issued an Exposure Draft titled Audit Data Standard. The following month, the first three Audit Data Standards (ADS) were released, including a base standard and standards for general ledger and accounts receivable sub-ledger.
Why is this significant? Is it just for CPAs involved in external audit, or does it have implications for all involved in internal audit, risk and compliance?
My summary answer to both these questions is that I think this is an important step forward that is going to help address one of the most basic practical issues in implementing data analytics and a data-driven approach to GRC.
Without exception, every time I ask a conference audience to identify the biggest challenge they face in using data analytics, the response is “getting the data”. There are many reasons why getting access to the right data at the right time can be difficult and just having a standard definition of data requirements for a given area does not remove all the barriers. But it is certainly a help and opens a number of doors for future developments that will make it increasingly easy to take a more efficient and effective approach.
What are the Audit Data Standards?
The ADS define a standard format for the files and fields typically needed to support audit of a given financial business process area. The standards also include questionnaires, effectively checklists, of the things that need to be considered to ensure that the data to be accessed is a complete and valid population. While the AICPA’s immediate objective is to support the financial statement audit process, in practice there is a high degree of overlap between the data requirements for external audit, internal audit and compliance testing.
What are the benefits?
As there is wide variability in the file and field names and data types in underlying accounting and ERP systems, the objective of the ADS is to produce data in a standard structure that can then be used consistently across financial audits of most organizations. This has a number of specific benefits:
- Reduces the time and effort involved in accessing data by
- providing a precise request to IT, or other data owners, of what data is required and the format in which it should be provided
- reducing the risk that incorrect or incomplete data will be provided by IT
- reducing the need for IT specialist involvement
- Enables the use of standard audit and risk analytics to be run against data sets in specific areas
- Opens up the opportunity for software vendors, such as ACL, to produce ADS extractors for given ERP’s
The AICPA task force on the Assurance Services Executive Committee is already working on Audit Data Standards for other key common audit areas. As this initiative gains traction it would seem to make sense for other professional bodies to be involved so that data standards are developed and used on a widespread basis within audit, risk and compliance functions. It is easy to imagine that this approach could extend to more specialized areas in industries such as finance, insurance, healthcare and utilities.
At ACL, we have developed our own approach to the issue – using a basically similar approach to the ADS. We refer to it as a Standard Data Model and it underlies our solution approach and increasing use of standard test analytics. While I think there is a lot we can do at ACL to promote and support this approach as a leading software vendor, I think there are clear benefits for all when a professional body defines standards in the way that the AICPA has recently done. I have been impressed by the thoroughness and practicality of the information included in the ADS and think it’s a great starting point.