In the 1980s and 1990s, large audit organizations moved away from hard copy audit files and working papers because of the difficulties in sharing and collaborating on physical files. This was the first major technology transition for the audit profession in many decades.
However, the situation only marginally improved, with processes and technology solutions becoming centered on simply using electronic documents. Information gets trapped inside documents and spreadsheets, where it effectively becomes “dark data”: impossible to search, reference, analyze, export, report on or access on mobile devices. These are all key demands of today’s large audit teams—and for data intelligence to support insights and decision making.
While the issues with document-based auditing center around dark data, other dangers also lurk. The key problems created by the legacy of the document-based approach to electronic working papers and audit management include the follow 7 risks.
1. Information inside documents or spreadsheets is “dark.”
Data intelligence cannot be efficiently accessed by reporting systems, data analysis tools or mobile devices, severely impairing the value of that information in delivering key business insights.
2. Documents aren’t databases (thus don’t protect data integrity).
Embedding audit process metadata (i.e., tick marks, review notes, auditor commentary and, especially, inter-document links and references) into document files creates significant data integrity risk. Documents are not able to enforce referential integrity and other core systems architecture principles that put data durability controls in place. Systems that rely on deep document integration are therefore prone to data loss when files are corrupted, edited in conflict by disparate users, or moved between locations that break references and relationships. This also causes slow performance, as documents simply cannot perform at the level of database-driven systems.
3. Information inside documents or spreadsheets cannot inherently maintain its relationships to other information.
Again, since documents are not databases, there is no mechanism to create and maintain a relationship between data in different files. Hyperlinking and other document-embedded features implemented by many audit technologies are therefore inherently unreliable.
4. Rolling forward audits is difficult and highly manual.
When primary audit documentation is captured in documents, it is impossible (or very dangerous) to update programmatically. Therefore, when rolling an audit forward, all data must be updated manually to avoid erratic behavior.
5. Exporting and archiving outside the software is impossible.
Hyperlinking information inside and between documents—referred to as “deep linking”— necessitates document-embedded metadata, with references stored in the software system. Since a link from inside one document to another depends on this externally stored reference, it is impossible to archive or export an audit project outside the software without breaking those links.
6. Dependencies cause software version conflicts and difficult upgrades.
As Microsoft Office or other document editing software applications are updated and file formats change, integration dependencies often break the compatibility of the audit software. This leads to situations where, for example, a new Office version forces an upgrade of the audit software or changes the embedded metadata (again causing data integrity risks). Even in the best case, upgrades require rigorous testing, which causes lengthy delays in upgrade implementations.
7. Requirement for burdensome “thick client” technology.
Creating and managing document-embedded metadata requires that these legacy audit software systems include a locally installed application or complex web browser plugin. Because they are hosted individually on local machines, these applications create significant IT administrative burdens, including high-maintenance installation rollouts and upgrades, and compatibility issues.
Have you encountered any of these risks in your working environment? Want to break free of document-based auditing?
White paper: The 7 dangers of document-based auditing
This white paper further details the dangers of dark data and document-based auditing, how to avoid dark data, dealing with change management and the benefits of changing, and includes a quick symptoms checker. Learn from ACL’s Chief Product Officer, Dan Zitting, about: