Using automated tools and techniques in audit
Automated Tools And Techniques (ATT) in Audit
ATT is a broad term describing the tools and techniques auditors use in performing audit procedures. The term is deliberately broad because technologies and related audit applications will continue to evolve, such as artificial intelligence applications, robotics automation processes, and others.
Although the term “data analytics” sometimes refers to such tools and techniques, data analytics is more focused on data extraction, analysis and visualization. ATT provides more functionalities than the conventional data analytics.
In applying the auditing standards, an auditor may design and perform audit procedures manually or using ATT, and either technique can be effective. Regardless of the tools and techniques used, the auditor is required to comply with the standards. In certain circumstances, when obtaining audit evidence, an auditor may determine that the use of ATT to perform certain audit procedures may result in more persuasive audit evidence relative to the assertion being tested. In other circumstances, performing audit procedures may be effective without the use of ATT.
Preparing audit documentation
CAS 230, Audit Documentation does not differentiate between using ATT and manual tools and techniques in the audit documentation requirements. However, using ATT may result in different documentation considerations:
- results of audit procedures performed
- significant matters arising during the audit
- form, content, and extent of audit documentation
- using iterations of audit procedures by applying filters to the data before arriving at a result
Special considerations for how the firm’s approval of technological resources may affect the auditor’s documentation, such as :
- the data inputs are appropriate and the confidentiality of data is preserved
- the IT application operates as designed and achieves the purpose for which it is intended
- The output of the IT application achieve the purpose for which they will be used
- it is clear how users are required to interact with and use the IT application and users have appropriate support
- The general IT controls necessary to support the IT application’s continued operation as designed are appropriate.