Continuous Auditing –Where we are, how to improve and where we need to go

2

“At Deloitte we’re investing several hundred million dollars in data analytics and

artificial intelligence with some cutting-edge applications that we really believe

differentiate us and our audit approach.”

Translating Our Mission to Our Audits

› Delivering Quality to Stakeholders & a Great

Experience to Clients

› Engaging the Minds of Our People – Reducing Low-

Value Activities & Leveraging Data

› Managing Firm Risk & Results – The Value

Proposition

3

Considerations

4

People & Change

Management

Methodology

Technology & Data

Quality & Oversight

Other Practice Mgmts. Impact

Capacity to Invest

› Consider capacity for investment

• National firms (38) with revenues > $100M (excluding

international networks)

› Combined revenue – $15B

› Average – $400M; range: $100M to $2B

• International firms (4)

› Combined revenue – $52B

• Firms #43 to #300

› Fee range: $10M to $99M

5

Source: Inside Public Accounting 2017 IPA 100 firms

Building the Future Audit

› Established 2016

› Joint venture focused on audit

technologies

6

› BKD’s National Director of Assurance

Services – June 1, 2017

› Strategic Plan – Audit of the Future,

version 1.2 & evolving …

› A different client environment at the

middle-market

AICPA Dynamic Audit Solution

› BKD investment, $60M total by major firms

› Investment in methodology to advance standards

› Done in partnership with a technology partner

› Self-disruption to maintain relevance & serve the

public & the profession

7

Key Data Advances Require

› Ingestion & connection capabilities

› Standardized taxonomies or normalizing

› Access to data for machine learning

› Continued investment in system training (AI)

› Human insight

› MOST IMPORTANTLY

• Ability & interest commensurate to the cost

8

ToolsPortfolio of Tools & Human Implications

9

Commonly Deployed Tools

› Ledger Systems, Microsoft Office, CAATs

• Pros – familiarity, customization, baseline objectives

• Cons – functionality limits, customization, limited

visualization, limited automation, disaggregated data,

version control (& how cloud is changing)

• Specific Excel issues

› Data integrity & access/control

› Advancement – PowerPivot, PowerBI, etc.

10

Integrators & Low-Code Environments

› Duplication & inconsistency challenges – particularly

with “independent” data

• Integrators: Attunity, Informatica, Microsoft, MuleSoft,

SAP, SAS, snapLogic

› Development to obtain data vs. low-code

environments to create systems (build vs. buy)

• Providers: Nintext, Appian, Intapp, Agiloft, Amelio

• Web-based inquiry & portals

11

Robotic Process Automation (RPA)

› A true human threat in low-value activities

• Picture a typical AP department

• Audit application & current practical limits

• Advanced OCR plays a role

› “Robots” – a digital workforce, but not physical

machines

• Repetitive actions or rule-based decision making

12

Artificial Intelligence/Machine Learning

› Artificial intelligence – pattern recognition, language

processing, predictive analytics, etc.

› Flags conditions & identifies options but requires

human assistance to obtain the data & interpret final

results

13

Internal Audit Example of Control TestingWhere are we? What can we improve right now? Where

do we need to go?

14

Still Need to Start with Risk!!!

› Important to remember to stick to the plan, but be flexible

• Risk Assessment

• Audit Plans

› Risk Assessments

• External audit risk assessment

• Internal operational risk assessment

› Is there a difference?

› BE EFFICIENT!!!

15

Internal Control Testing - External

16

External Audit Key Internal Controls

HR-1Annual approval of compensation policy and approval of pay scale by Compensation Committee is documented within signed minutes and through related policy dates.

HR-2

HR associate enters new employee and other changes in payroll records based upon completed HR change form completed by department heads. HR Change forms are signed by department managers and reviewed by hiring manager. All new payroll employees must fall within the pre-approved salary range and if outside is approved by the Compensation Committee and documented as such.

HR-3HR Payroll Manager completes a payroll check back on semi-annual payroll reports to ensure they were reviewed before and after final payroll is processed. The check back is supported by sign-offs and retained for audit.

HR-4

Human Resource Information Specialist (HR IS) is alerted when access to Payroll Software is requested, either addition of EE, termination of EE or change in access duties. HR IS reviews and sends request to IT specialist through ticket system. Change is documented within the IT Change management system.

HR-5Quarterly, Director of HR reviews Payroll System access reports. Access reports are reviewed against prepopulated duties.

HR-6Payroll accruals (including payroll wages, taxes, 401k) are made by Finance team member and reviewed by a Finance Manager on a monthly basis (account reconciliation).

HR-7Payroll related financial accounts are reviewed against budget by Finance and reported to the Board of Directors.

Operational Audits - Internal

17

Operation Audit Procedures

HR-1

1) Ensure updated policy is within one year or reasonable timeframe

2) Ensure updated policy is stored within Policy share file

3) Ensure pay scale is stored in secured HR drive and approved within the minutes of the Compensation

Committee

HR-2

1) Agree new EE to W-4, background check and credit report

2) Agree salary, benefits and tax elections to completed forms or on-line portal

3) Ensure personnel file contains resume, completed application

4) Ensure completed fields in HR system agree to approved hiring sheet or fields are terminated with eliminated

EE

5) View all signed hiring / termination sheets

6) Test that payroll changes / new EE pay is within policy and if not is approved by the compensation

committee

HR-3

1) Review payroll reports and view HR Payroll Manager reviewed via electronic signature

2) Test payroll reports that were approved for clerical accuracy

3) Test that payroll reports were properly recorded to the general ledger

HR-4

1) From IT change management system select population of requested changes

2) Test sample for proper approval of changes by the HR IS to the IT specialist

3) Test duties of sampled EE's against standard duties sheet. Obtain explanations for anomalies

HR-5 1) Obtain quarterly review reports for proper documentation of review by Director of HR

HR-6

1) Agree accruals to supporting payroll reports

2) Ensure mathematical accuracy of accrual and reconciliation (including imprest accounts)

3) Review approval and review by Finance Manager of the payroll account activity

HR-71) Review financial analytical review against budget, including mathematical accuracy

2) Complete predictive analytic of the payroll accrual balances

What Can We Currently Improve?

› Complete integration of internal control testing and operation testing

› Encouraged for internal control testing to be quarterly if frequency matches

› Continuous updates to operation audits in conjunction with internal control testing requirements

› Provide value to stakeholders

• Can statistical information be added to bring value from a numerical / chart presentation

• Be real-time with risk (or as close as possible)

18

OutlookWhere Are We Headed/What Can You Do?

19

Today’s Reality

› More data available than ever before with less

understanding about limitations

› Changed expectations vs. limited investments

› Beware of or embrace “spin?”

› Beware of overestimating return & underestimating

investment, particularly time

› Evaluate change in incremental terms

› Human beings (adoption/support) are critical

20

Considerations – Implementing Tech

› A solution in response to or in search of a problem?

› Simple & elegant?

› Scalable & sustainable?

› User-focused & human-assisted

› Culturally consistent or creating cultural change?

› Practical & effective in cost/value assessment?

21

Human Implications

› Low-value activities in high-volume environments are

ripe for automation

• Positive for public accounting

• At risk: clerks & other “inputters”

› Data that can be ingested & normalized creates

significant analysis opportunities

› Barriers to conceptual AI potential are difficult—but

not impossible—to overcome

22

Audit Considerations

› Low-hanging fruit

• Cleaning up data (redundancy/efficiency/leverage)

› Change

• Watch audit standards closely for future implications

› Stay informed

• Threats to the service – particularly componentization

from tech

› Invest

• Best tools relevant to your client base & challenges

23

Private Company Considerations

› Work with IT

• Understand reporting capabilities/challenges

› Investigate visualization opportunities

› Identify low-value/high-volume activities

• Efficiency & quality opportunities

› Pay attention to the cloud & cybersecurity

› Manage audits with better data

24

bkd.com | @bkdllp

The information contained in these slides is presented by professionals for your information

only & is not to be considered as legal advice. Applying specific information to your situation

requires careful consideration of facts & circumstances. Consult your BKD advisor or legal

counsel before acting on any matters covered.