Seven dangers of document-based auditing


Dan Zitting, CPA.CITP, CGMA, CISA, GRCA

Chief Product Officer, ACL

From the 1980s and 1990s, large audit organizations moved away from hard copy audit documents and working papers because of the difficulties in sharing and working on physical documents. This is the first big technology transition for its audit profession in many decades.

On the other hand, the problem only marginally improved, with processes and technology solutions becoming focused on simply using digital documents. Data becomes trapped inside documents and spreadsheets, in which it effectively becomes “dark information”: impossible to search, mention, analyze, export, report online or access to mobile devices. All of these are vital demands of the large audit groups–and for information intelligence to encourage decision and insights making.

While the difficulties using document-based auditing center around dark information, other dangers also lurk. The crucial issues generated by the heritage of the document-based method of digital working papers and audit control include the follow 7 risks.

1. Information inside documents or spreadsheets is “dark.”

Data intelligence cannot be effectively accessed by reporting systems, information evaluation tools or cellular devices, seriously impairing the value of that information in providing key business insights.

2. Documents aren’t databases (thus do not protect data integrity).

Embedding audit process metadata (i.e., tick marks, inspection notes, auditor commentary and, especially, inter-document links and references) into record files creates substantial data integrity risk. Documents aren’t able to enforce referential integrity and other core systems structure principles that set data strength controls set up. Systems that rely on heavy record integration are so more likely to data loss when documents are corrupted, edited in conflict with disparate users, or moved between locations that break references and relationships. Additionally, this causes slow performance, as documents simply aren’t able to perform in the amount of both database-driven systems.

3. Information inside documents or spreadsheets cannot inherently keep its relationships to other information.

Again, because documents aren’t databases, there’s absolutely no mechanism to make and maintain a connection between information in various documents. Hyperlinking and other document-embedded features implemented by many audit technologies are thus inherently unreliable.

4. Moving forward audits is hard and extremely manual.

When principal audit documentation is captured in documents, it’s impossible (or very hazardous) to upgrade programmatically. Therefore, when rolling out an audit ahead, all information must be updated manually to prevent erratic behavior.

5. Exporting and archiving beyond the computer software is impossible.

Hyperlinking information inside and between documents–called “deep linking”– necessitates document-embedded metadata, with references saved in the software system. Considering that a link from inside one file to another is determined by this externally stored benchmark, it’s impossible to archive or export an audit project beyond the program without breaking these links.

6. Dependencies cause software version conflicts and hard upgrades.

As Microsoft Office or other file editing computer software applications are updated and document formats change, integration dependencies frequently break the support of this audit program. This leads to situations in which, as an example, a new Office version compels an update of the audit software or modifications the embedded metadata (again causing data integrity risks). Even in the very best case, upgrades need rigorous testing, that causes lengthy delays in update implementations.

7. Requirement for burdensome “thick client” technology.

Creating and handling document-embedded metadata requires that these heritage audit computer software methods include a locally installed software or complex web browser plugin. Because they are hosted individually on nearby machines, these applications create significant IT administrative burdens, such as high-maintenance installation rollouts and upgrades, and compatibility difficulties.

Have you encountered one of these risks on your working environment? Want to break with document-based auditing?

White paper: The 7 dangers of document-based auditing

This white paper additionally particulars the hazards of dark information and document-based auditing, the way to avoid dark information, coping with change direction and the advantages of changing, and includes a rapid symptoms. Discover from ACL’s Chief Product Officer, Dan Zitting, about:

  • The benefits of non-document-based audit intelligence
  • The way high-functioning audit groups are moving apart from inter-linked documents and spreadsheets to unlock the importance of audit info
  • The best way to create main audit analysis and insight accessible for queries.