Outline of hand touching a screen superimposed over desktop workspace.

Recent guidance on using automated tools and techniques (ATT) in the audit

New to using ATT in audits? Wondering how to use ATT appropriately for risk assessment, audit procedures or what to document? Find a summary of recent Canadian and International resources here.

Technology is changing how audits are performed. Auditors are increasingly using automated tools and techniques (ATT) to perform risk assessment and further audit procedures. The International Auditing and Assurance Standards Board (IAASB) continues to explore technology’s effect on audit and assurance to ensure auditors are equipped to take full advantage of innovation and ensure technological advances are not an impediment to high-quality audit.

The IAASB considers implications of technology in its ongoing standard-setting projects, and recently issued standards such as the Quality Management suite of standards and ISA 315, Identifying and Assessing the Risks of Material Misstatement (Revised 2019) that address the topic of ATT. In addition, the IAASB established its Technology Working Group (TWG) to identify technology-related matters for which there is an opportunity for a more immediate response through developing and issuing guidance.

Since 2019 the TWG has issued several pieces of guidance that focus on using ATT when performing audits. This material can assist Canadian auditors as they incorporate ATT into their work processes.

Read this blog to learn:

  • what automated tools and techniques are
  • why the IAASB TWG guidance is important for Canadian audit practitioners
  • what is covered in the IAASB TWG guidance and links where you can read more

Organizations are issuing resources and guidance relating to using ATT in an audit. To help you navigate this evolving area of practice we’ve also included some external links at the end of this post which may address some relevant considerations in planning, performing, and documenting your audit when using ATT.

What are automated tools and techniques (ATT)?

ATT is a broad term describing the tools and techniques auditors use in performing audit procedures. The term is deliberately broad because technologies and related audit applications will continue to evolve, such as artificial intelligence applications, robotics automation processes, and others.

Although the term “data analytics” sometimes refers to such tools and techniques, data analytics does not have a uniform definition or description. Data analytics can be too narrow because it does not encompass all emerging technologies auditors use when designing and performing audit procedures today.

In applying the auditing standards, an auditor may design and perform audit procedures manually or using ATT, and either technique can be effective. Regardless of the tools and techniques used, the auditor is required to comply with the standards. In certain circumstances, when obtaining audit evidence, an auditor may determine that the use of ATT to perform certain audit procedures may result in more persuasive audit evidence relative to the assertion being tested. In other circumstances, performing audit procedures may be effective without the use of ATT.

Why is the IAASB TWG guidance important for Canadian audit practitioners?

As an associate director supporting the Auditing and Assurance Standards Board (AASB) in Canada, I speak to audit practitioners from offices of different sizes. They often ask me questions about using technology or ATT in performing audit procedures and what the auditing standards allow.

In Canada, the AASB adopts the International Standards on Auditing (ISA) as Canadian Auditing Standards (CAS). Accordingly, the TWG guidance is relevant for auditors when auditing under CASs.

Haven't signed up yet? Subscribe now to join our growing audience of over 10,000 professionals who receive updates on the latest audit quality blogs as well as resources and professional development opportunities.SIGN ME UP

What’s covered in the IAASB TWG guidance?

The IAASB guidance material prepared to date focuses on the use of ATT in the audit related to:

  • identifying and assessing risks of material misstatement
  • addressing the risk of overreliance on technology
  • performing audit procedures
  • preparing audit documentation

Identifying and assessing the risks of material misstatement

CAS 315, Identifying and Assessing the Risks of Material Misstatement was recently updated and is effective for audits of financial statements for periods beginning on or after December 15, 2021. The revised standard focuses on different aspects of ATT under headings titled “Automated Tools and Techniques.” These paragraphs provide explanations of how auditors may use ATT in performing procedures to meet the requirements of CAS 315. The TWG publication covers several questions, including:

  1. What types of ATT can the auditor use in risk assessment procedures?
  2. How can the auditor use ATT in performing risk assessment procedures?
  3. How can the auditor use ATT to support the auditor's exercise of professional skepticism when performing risk assessment procedures? Are there special considerations to demonstrate the exercise of professional skepticism when using ATT?
  4. How is ATT helpful when the auditor is considering the inherent risk factors in the identification and assessment of risks of material misstatement?
  5. What are the auditor's considerations regarding the use of machine learning or artificial intelligence by the entity when performing risk assessment procedures?
  6. What are the considerations in documenting the auditor's use of ATT in performing risk assessment procedures?

Access the TWG FAQ Nov 2020: Use of ATT when Identifying and Assessing Risks of Material Misstatement.

Addressing the risk of overreliance on technology

The use of technology may potentially create biases or a general risk of overreliance on the information or output of the audit procedure performed (i.e., “risk of overreliance”).

This publication considers how the auditor can address automation bias and the risk of overreliance on technology when using ATT and when using information produced by the entity’s systems.

The TWG publication covers a number of questions, including:

  1. What are examples of biases that using technology, by either the auditor or the entity in providing information, might create?
  2. How can firms help the auditor address automation bias and the risk of overreliance when using ATT?
  3. How can the auditor address automation bias or risk of overreliance on the information produced by the entity which is provided by the entity's automated system?
  4. How can the auditor address automation bias and the risk of overreliance when using their own ATT?

TWG FAQ March 2021: ATT and the Use of Information Produced by the Entity’s Systems

Performing audit procedures

This publication highlights the impact of technology when applying certain aspects of the ISAs and focuses on how an auditor may use ATT. In particular, the publication addresses:

  1. Whether a procedure involving the use of ATT may serve as both a risk assessment procedure and a further audit procedure.
  2. Specific considerations when using ATT in performing substantive analytical procedures in accordance with ISA/CAS 520, Analytical Procedures.

An illustrative example is also included in response to the first question that shows how audit procedures involving the use of the same ATT and the same data can serve as both a risk assessment procedure and a further audit procedure.

TWG FAQ September 2020: Performing Audit Procedures Using ATT

Preparing audit documentation

CAS 230, Audit Documentation does not differentiate between using ATT and manual tools and techniques in the audit documentation requirements. However, using ATT may result in different documentation considerations. This publication includes audit documentation considerations for the following:

  • results of audit procedures performed
  • significant matters arising during the audit
  • form, content, and extent of audit documentation
  • using iterations of audit procedures by applying filters to the data before arriving at a result

It also covers special considerations for how the firm’s approval of technological resources may affect the auditor’s documentation.

TWG FAQ April 2020: Audit Documentation when using ATT

New Update for December 2021 publication: TWG FAQ December 2021 – Audit Planning When Using ATT

What's next

If you found these guidance pieces helpful and you want more, you can keep up to date on the IAASB’s Technology Focus Area page. You can find additional resources for CPAs on our technology resources hub.

The IAASB is also currently revising ISA 500, Audit Evidence and plans to recognize the use of technology, both in the context of:

  • an entity’s use of technology in preparing financial statements and technology used to generate other underling information
  • the auditor’s use of technology in performing audit procedures

Other external resources

Audit regulators:

Technology in the audit
Canadian Public Accountability Board

Addressing exceptions in the use of audit data analytics
Financial Reporting Council, UK

Standard setters:

Integrity of data obtained for the purpose of an audit of a financial report
Australian Auditing and Assurance Standards Board


Resources referenced in this blog issued by external organizations were not reviewed, developed or approved by CPA Canada or the Auditing and Assurance Standards Board (AASB). CPA Canada and the AASB accept no responsibility or liability that might occur directly or indirectly as a consequence of the use, application or reliance on these external resources.

Keep the conversation going

With the exponential increase in emerging technologies and the expanding sources of information to be used, do you feel more is needed in standards or guidance to enhance your ability to perform a quality audit using ATT? If you have ideas about technology guidance that auditors may need, post a comment below or email me directly. I look forward to hearing your views.


The views and opinions expressed in this article are those of the author and do not necessarily reflect that of CPA Canada.