,

4 Key Steps for Auditors in Assessing Technology Risks

Emerging technology has brought a seemingly endless set of new risks to the clients that engage CPAs to perform audits. It is are altering the financial reporting environment substantially, and this change is accelerating. For example, artificial intelligence (AI), robotic process automation, and blockchain are changing the way business gets done, and auditors are leading by transforming their own processes.

Unauthorized personnel can wreak havoc, data can get lost or become inaccessible, and third-party providers can be unreliable. Meanwhile, avoiding all these risks by avoiding the latest technology also can put a client at risk of failing due to a competitive disadvantage.

Some of the challenges associated with technology are addressed in a new Center for Audit Quality (CAQ) resource for auditors, audit committees, and management, Emerging Technologies, Risk, and the Auditor’s Focus. (The CAQ is affiliated with the AICPA.)

According to the publication, key steps for auditors in a changing technology environment include:

  • Maintaining sufficient professional skepticism when reviewing management’s risk assessment for new systems.
  • Understanding the direct and indirect effects of the new technology and determining how its use by the entity affects that auditor’s overall risk assessment.
  • Understanding how the technologies impact the flow of transactions, assessing the completeness of the in-scope internal control over financial reporting systems, and designing a sufficient and appropriate audit response.
  • Assessing the appropriateness of management’s processes to select, develop, operate, and maintain controls related to the organization’s technology based on the extent the technology is used.

The publication states that auditors also should gain a holistic understanding of changes in the industry and the IT environment before designing audit procedures. And if specialized skills are needed to determine the impact of new technologies, auditors may need to involve a subject-matter expert.

 

Reference

https://www.journalofaccountancy.com/news/2019/may/assessing-technology-risks-tips-for-auditors-201921212.html

https://corpgov.law.harvard.edu/2019/07/08/emerging-technologies-risk-and-the-auditors-focus/

https://www2.deloitte.com/us/en/pages/advisory/articles/internal-audit-anticipating-risk-of-new-technology.html