Predicting and preparing for the future of audit
EY wealth and asset management leader Antoinette Elias outlines the developments happening in the audit space right now and how the regulatory bodies and the industry should respond.
What stage is audit technology at now?
As you would expect with the process of automation, a lot of the tasks that are operational in nature and non-judgemental. So basically when you’re looking at auditing part of the auditing process, then the tasks that are ripe for that type of opportunity are really the ones that are operational in nature, and non-judgemental. So we’re definitely seeing those types of tasks are continuing to be automated.
What are some examples of that?
There are a number of software tools out there that can automate much of the audit file preparation sets, so that’s one part of the audit that’s being automated and make the process of associating documents as audit evidence less time consuming so they’re probably two examples of automation in the auditing process.
In addition to that, there are financial elements of the audit that are now increasingly being automated with suitable reliance on data feeds and other electronic evidence so that’s another example of where it can be automated. In some cases, this is probably less so, but in some cases the compliance procedures are also being automated. But in relation to compliance procedures, data structure and quality are often a limiting factor constraining the ability to automate currently, especially if the fund is older and has older procedures with the way it holds its data and things like that, so it is quite significant and extensive in terms of what is able to be automated.
Over the short term, what other developments can we expect to see in the audit space?
I think the level of change that’s happening in this space is changing quite quickly and we have seen the competition, especially in the SMSF technology space really ramp up in the past few years. And I would say that’s going to continue, increasing the level of automation, more data feeds, more seamless document exchange programs... just some of the example areas where there’s continued improvement.
What do you think the audit space will look like in five to 10 years and what sorts of changes do you see happening to the industry overall?
It’s hard to really project out into the medium and longer term, but I think the themes that we’re seeing now ... look we’re really only at the start of this so you would think in five years, the sophistication of the technology and the amount of things that can be automated will continue to increase. I think what will then happen is that to the extent that that automation process actually frees up resources, those resources will be redeployed to more analysis of the data, so things like big data, what else can be gleaned from analysing the data, seeing how different service providers fit in together like software vendors, administrators, fund accountants... all of those things will start to come together more seamlessly and actually the end result should really be that customer service, service delivery and efficiency are all improved, for a lower cost.
Now the other thing in that in the next five or so years that will come to the fore and will become a focus area to ensure that whilst the pace of change from a technology point of view continues to evolve, very important issues such as data security, privacy, who should be handling information is very critical and will continue to be even more critical so the technology that gets developed must be in sync with ensuring those types of issues are not compromised so you need a lot of care, protection and security to ensure the privacy and the data security is protected.
What will they have to do to make sure the data is secure?
I think when you look at the big audit providers, we’re obviously one of those firms... we have very high internal procedures that ensure that our client confidentiality is maintained, that we are complying with the laws etc. And I just think that onus is only going to increase, it’s not going to reduce. And that’s why big audit providers are dedicating a lot of resources for complying with these requirements, building best practice, procedures, processes, access, all of those things that you would normally implement in a physical audit we will continue to build into an automated audit.
Are there any technological developments happening in other sectors or industries that perhaps could be applied to auditing in the future?
Yeah, look, it is interesting because what we’ve seen in the whole automation process is that the underlying technologies, the core technologies are able to be adapted in application to other business needs, so the robotics and all that kind of technology can be applied to more than one business issue or business process so definitely the technology of automation has wide application across industries, across processes, whether they be audit, they can also be applied in tax preparation calculators, they could be provided in a level of providing financial advice, and can actually if you look out further, lend itself very well to managed services, so where an entity then actually outsources part of its core process to an external party and entered into managed services arrangement, again that technology lends itself to that as well.
Are there any regulatory challenges in automating the process?
Technology is moving fast and often what we find when things move quite quickly [is] that the auditing standard and the regulators sometimes struggle to keep at pace with that change so as we look for increasingly technology enabled audits, care must be taken to not compromise quality and customer service and of course regulatory compliance and there’s a whole range of regulatory compliance. I referred earlier to the privacy and data security as just two examples, so in relation to that I think any organisation that’s looking to adopt an automated process, whether it be to undertake audits or any other process, then one of the key ingredients to success is to make sure that they consult properly, in terms of how that will actually be implemented so that there isn’t a breach of the regulatory requirements, and actually even talking to the regulator about how something is automated is also another good way to one, let the regulator know but also act as an impetus if regulatory changes are required to keep the pace with those changes, if the regulator is actually hearing from the right people and is informed in that process.