AUASB urges auditors to adopt ‘data strategy’ to prevent mishaps

Auditing Data AUASB

With enterprise systems increasingly relied upon to directly access client records, Australia’s Auditing and Assurance Standards Body (AUASB) has advised auditors to develop a clear “data strategy” to avoid data handling mishaps, improve information management, and ensure audit processes are properly documented.

The AUASB’s latest publication covers critical issues for auditors when examining the integrity of clients’ data, including a basic framework for developing a fit-for-purpose data strategy.

The publication is the first of a two-part series to guide auditors in the responsible collection, transformation and usage of client data, which is of particularly pertinence as regulators place greater emphasis on the documentation of these activities.

“Being able to access and utilise client data, in some instances, is becoming fundamental to executing a quality audit and is being facilitated by technology which allows auditors to capture, store and analyse data in a more effective way,” the publication said.

The AUASB is an independent government body responsible for developing and maintaining national standards for audit and assurance practices.

The AUASB acknowledges that its publications are intended to fill a gap while the International Auditing and Assurance Standards Board (IAASB) revises its own ‘ISA 500 Audit Evidence’ standards to address emerging technology challenges.

While not currently mandatory, the standards body has urged auditors to adopt a “planned approach to data”, believing it key to an overall audit strategy.

According to the AUASB, a data strategy should include: objectives for data collection; determination of the type of data required, its location, and how to extract it; where the data should be stored once extracted; and who will be accountable for collecting and transforming data.

The publication also walks through what can go wrong during the collection and transformation of data, as well as providing guidance on how to document audits and securely retain client data.

Among the potential risks flagged by the AUASB in the data collection and transformation process include data alteration, incorrect data mapping and interpreting of key information, and issues of data corruption, limitations around data availability and high-volume extractions causing system crashes.

In the past year, information security has emerged as an all-round focus for the AUASB, with the standards body releasing a publication in May alerting auditors to the potential impacts of cybersecurity risks on disclosures stated in financial reports.

Meanwhile, an advisory group has been established to help AUASB monitor and respond to the impacts of technology on audit and assurance practices.

Looking ahead, the body’s second data-focused publication will include guidelines to determine the reliability of data collected and transformed, as well as how to document this.

AUASB’s Integrity of data obtained for the purpose of an audit of a financial report bulletin can be accessed here.