Saturday, September 9, 2017

AI and the Audit: What does a robot need to audit your numbers?

In the previous post, we examined the value propositions that Appzen's AI brings to auditing expense reports.

In this post, we analyze what insights we can extract from Appzen when it comes more broadly to applying AI to the external financial audit.

The following gives a refresher on how the Appzen AI audit works:




Based on this we look at a number of factors that exist in this process to develop

Standardized process:
The expense report process that has been fairly standardized for over a decade: employees submit a digitized report of what they spent, expense codes, commentary and all the supporting documentation (e.g. receipts, invoices, etc.).  This is similar to how factories needed an assembly line before they could be automated.

Standardized capture and presentation of audit evidence:
I think this is a key piece: the actual audit evidence (i.e. receipts) must also be included in what's submitted to the auditor. As the evidence is provided in a standardized format, it enables machines to analyze these digitized source documents to run the necessary correlative models to run the risk scores and enables the automated analysis.

Audit evidence retains its chain of custody through the digitization process:
The auditor does not need to expend additional resources verifying that the evidence actually relates to the item being audited, nor do they have to expend additional resources ensuring that the independence of the evidence wasn't lost through digitization process. For example, when receiving a bank confirmation the auditor needs to ensure that this received directly from the bank and not the client.

Evidence provider identity is verified and contractually obligated to follow-up with the auditor:
The party submitting the audit evidence, the employee, has been verified in the system through the employee onboarding process. The implication of this is that the auditor doesn't have to expend audit resources confirming the identity of the evidence provider. Secondly, and perhaps more importantly, the auditor doesn't have to expend significant resources following up with the evidence provider. For example, not all customers will respond to accounts receivable confirms and then auditor will have to perform alternate procedures.

Evidence provider has incentives to produce the proper evidence: 
The previous point is closely related to the issue of incentives: if the employee fails to provide evidence then they will not be reimbursed. This puts a strong incentive on the employee to provide the evidence in a timely manner.

Provider of the evidence is trained on providing evidence:
The employee has been trained to provide complete, accurate and valid evidence. They also have access to help if they have issues with submitting expense receipts or understanding whether that evidence will be accepted.

Violations can be clearly defined and examples of violations can be taught to the system:
For fraud or errors to be flagged there needs to be rules that can be fed into the system to identify whether the item submitted needs further review or audit. For example, if the amount on the receipt doesn't match this would be flagged and has a high likelihood of error. But more importantly,  the examples of violations identified can be fed into the system to teach the system (via machine learning) what to look for.

In a future post, we will use these factors to look at how easily (or not) AI can automate financial audits.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else

No comments: