Technology is changing how audits are performed. Auditors are increasingly using automated tools and techniques (ATT) to perform risk assessment and further audit procedures. The International Auditing and Assurance Standards Board (IAASB) continues to explore technology’s effect on audit and assurance to ensure auditors are equipped to take full advantage of innovation and ensure technological advances are not an impediment to high-quality audit.\nThe IAASB considers implications of technology in its ongoing standard-setting projects, and recently issued standards such as the Quality Management suite of standards and ISA 315, Identifying and Assessing the Risks of Material Misstatement (Revised 2019) that address the topic of ATT. In addition, the IAASB established its Technology Working Group (TWG) to identify technology-related matters for which there is an opportunity for a more immediate response through developing and issuing guidance.\nSince 2019 the TWG has issued several pieces of guidance that focus on using ATT when performing audits. This material can assist Canadian auditors as they incorporate ATT into their work processes.\nRead this blog to learn:\n\n what automated tools and techniques are\n why the IAASB TWG guidance is important for Canadian audit practitioners\n what is covered in the IAASB TWG guidance and links where you can read more\n\nOrganizations are issuing resources and guidance relating to using ATT in an audit. To help you navigate this evolving area of practice we’ve also included some external links at the end of this post which may address some relevant considerations in planning, performing, and documenting your audit when using ATT.\nWhat are automated tools and techniques (ATT)?\nATT is a broad term describing the tools and techniques auditors use in performing audit procedures. The term is deliberately broad because technologies and related audit applications will continue to evolve, such as artificial intelligence applications, robotics automation processes, and others.\nAlthough the term “data analytics” sometimes refers to such tools and techniques, data analytics does not have a uniform definition or description. Data analytics can be too narrow because it does not encompass all emerging technologies auditors use when designing and performing audit procedures today.\nIn applying the auditing standards, an auditor may design and perform audit procedures manually or using ATT, and either technique can be effective. Regardless of the tools and techniques used, the auditor is required to comply with the standards. In certain circumstances, when obtaining audit evidence, an auditor may determine that the use of ATT to perform certain audit procedures may result in more persuasive audit evidence relative to the assertion being tested. In other circumstances, performing audit procedures may be effective without the use of ATT.\nWhy is the IAASB TWG guidance important for Canadian audit practitioners?\nAs an associate director supporting the Auditing and Assurance Standards Board (AASB) in Canada, I speak to audit practitioners from offices of different sizes. They often ask me questions about using technology or ATT in performing audit procedures and what the auditing standards allow.\nIn Canada, the AASB adopts the International Standards on Auditing (ISA) as Canadian Auditing Standards (CAS). Accordingly, the TWG guidance is relevant for auditors when auditing under CASs.\n\n\n\nHaven't signed up yet? Subscribe now to join our growing audience of over 10,000 professionals who receive updates on the latest audit quality blogs as well as resources and professional development opportunities.SIGN ME UP\n\nWhat’s covered in the IAASB TWG guidance?\nThe IAASB guidance material prepared to date focuses on the use of ATT in the audit related to:\n\n identifying and assessing risks of material misstatement\n addressing the risk of overreliance on technology\n performing audit procedures\n preparing audit documentation\n\nIdentifying and assessing the risks of material misstatement\nCAS 315, Identifying and Assessing the Risks of Material Misstatement was recently updated and is effective for audits of financial statements for periods beginning on or after December 15, 2021. The revised standard focuses on different aspects of ATT under headings titled “Automated Tools and Techniques.” These paragraphs provide explanations of how auditors may use ATT in performing procedures to meet the requirements of CAS 315. The TWG publication covers several questions, including:\n\n What types of ATT can the auditor use in risk assessment procedures?\n How can the auditor use ATT in performing risk assessment procedures?\n How can the auditor use ATT to support the auditor's exercise of professional skepticism when performing risk assessment procedures? Are there special considerations to demonstrate the exercise of professional skepticism when using ATT?\n How is ATT helpful when the auditor is considering the inherent risk factors in the identification and assessment of risks of material misstatement?\n What are the auditor's considerations regarding the use of machine learning or artificial intelligence by the entity when performing risk assessment procedures?\n What are the considerations in documenting the auditor's use of ATT in performing risk assessment procedures?\n\nAccess the TWG FAQ Nov 2020: Use of ATT when Identifying and Assessing Risks of Material Misstatement.\nAddressing the risk of overreliance on technology\nThe use of technology may potentially create biases or a general risk of overreliance on the information or output of the audit procedure performed (i.e., “risk of overreliance”).\nThis publication considers how the auditor can address automation bias and the risk of overreliance on technology when using ATT and when using information produced by the entity’s systems.\nThe TWG publication covers a number of questions, including:\n\n What are examples of biases that using technology, by either the auditor or the entity in providing information, might create?\n How can firms help the auditor address automation bias and the risk of overreliance when using ATT?\n How can the auditor address automation bias or risk of overreliance on the information produced by the entity which is provided by the entity's automated system?\n How can the auditor address automation bias and the risk of overreliance when using their own ATT?\n\nTWG FAQ March 2021: ATT and the Use of Information Produced by the Entity’s Systems\nPerforming audit procedures\nThis publication highlights the impact of technology when applying certain aspects of the ISAs and focuses on how an auditor may use ATT. In particular, the publication addresses:\n\n Whether a procedure involving the use of ATT may serve as both a risk assessment procedure and a further audit procedure.\n Specific considerations when using ATT in performing substantive analytical procedures in accordance with ISA/CAS 520, Analytical Procedures.\n\nAn illustrative example is also included in response to the first question that shows how audit procedures involving the use of the same ATT and the same data can serve as both a risk assessment procedure and a further audit procedure. \n TWG FAQ September 2020: Performing Audit Procedures Using ATT\nPreparing audit documentation\nCAS 230, Audit Documentation does not differentiate between using ATT and manual tools and techniques in the audit documentation requirements. However, using ATT may result in different documentation considerations. This publication includes audit documentation considerations for the following:\n\n results of audit procedures performed\n significant matters arising during the audit\n form, content, and extent of audit documentation\n using iterations of audit procedures by applying filters to the data before arriving at a result\n\nIt also covers special considerations for how the firm’s approval of technological resources may affect the auditor’s documentation.\nTWG FAQ April 2020: Audit Documentation when using ATT\n New Update for December 2021 publication: TWG FAQ December 2021 – Audit Planning When Using ATT\nWhat's next\nIf you found these guidance pieces helpful and you want more, you can keep up to date on the IAASB’s Technology Focus Area page. You can find additional resources for CPAs on our technology resources hub.\nThe IAASB is also currently revising ISA 500, Audit Evidence and plans to recognize the use of technology, both in the context of:\n\n an entity’s use of technology in preparing financial statements and technology used to generate other underling information\n the auditor’s use of technology in performing audit procedures\n\nOther external resources\nAudit regulators:\nTechnology in the audit\nCanadian Public Accountability Board\nAddressing exceptions in the use of audit data analytics\nFinancial Reporting Council, UK\nStandard setters:\nIntegrity of data obtained for the purpose of an audit of a financial report\nAustralian Auditing and Assurance Standards Board\nNOTE\nResources referenced in this blog issued by external organizations were not reviewed, developed or approved by CPA Canada or the Auditing and Assurance Standards Board (AASB). CPA Canada and the AASB accept no responsibility or liability that might occur directly or indirectly as a consequence of the use, application or reliance on these external resources.\nKeep the conversation going\nWith the exponential increase in emerging technologies and the expanding sources of information to be used, do you feel more is needed in standards or guidance to enhance your ability to perform a quality audit using ATT? If you have ideas about technology guidance that auditors may need, post a comment below or email me directly. I look forward to hearing your views.\nDisclaimer\nThe views and opinions expressed in this article are those of the author and do not necessarily reflect that of CPA Canada.