In the years since the American Institute of Certified Public Accounts (AICPA) issued its Risk Assessment Standards in 2006, accounting professionals have been both effusive about and frustrated by their experience following the guidelines those standards put forth.
CPAs who like the standards appreciate that they direct auditors to understand the company, its environment, and its industry before they attempt to clarify the parameters of the audit plan and the risks that the company might face.
On the other hand, CPAs, especially those with smaller firms and larger caseloads, found that the added effort to discern company particulars often wasted their time and was a deviation from their preferred methodology.
Why assess for risks
The purpose of the Risk Assessment Standards is to assist the auditor in identifying material misstatements in financial statement audits and to design performance procedures that are responsive to assessed risks. The standards were designed specifically to catch those nuanced errors or omissions that slide under the radar of the “typical” audit, which uses standardized methodology regardless of the type of business or the industry in which it exists.
In his 2012 whitepaper, Charles E. Landis, CPA, AICPA Vice President of Professional Standards and Services, presented the standards as a response to the “80/20” rule. He suggests that traditional audit plans respond to 80 percent of the general audit risks and that the rules were designed to respond to “the other 20 percent, the significant risks that contain the highest risks of error or fraud.”
Technology offers options for internal audits
In the decade since the issuance of those standards, digital technology for the purpose of forensic accounting has transformed those processes, just as it has transformed every other industry. Through the use of analytical software, today’s CPAs have reams of data that can be measured against every aspect of the enterprise, clarifying mistakes, balancing accounts and, most importantly, assessing for risks that had previously been hidden deep inside “the other 20 percent.”
For you, the CTO, the arrival of the new tools couldn’t have come at a better time. Technology has impacted the entire global industrial complex, creating astonishing gains but also possibly posing even greater threats. There are few days anymore when there isn’t a report of a major theft or massive breach of data security somewhere in the world. And, in a significant number of those cases, the perpetrators of the crime are revealed to be insiders of the victimized company. Today’s forensic accounting tools are designed specifically for assessing and identifying both the risk and the actuality of insider fraud within your organization.
The question for you to answer, then, is not if but when to embrace the auditing tools that will enhance your company’s assurance that all risks have been identified and accounted for and that your enterprise is safe from both external and internal breaches. At DFND Analytics, our proprietary system of deterrence provides you with greater oversight of internal operations, so you know you are protected from employee fraud.