PCAOB Adopts New Rules for Auditors on Technology-Aided Analysis

Jun. 14, 2024

The revised rules provide detail and clarity for auditors when performing procedures using technology-assisted analysis.

The Public Company Accounting Oversight Board (PCAOB) on June 12 approved revising existing rules to provide additional detail and clarity around the responsibilities auditors have when performing procedures using technology-assisted analysis.

Proposed in June 2023, the board on Wednesday OK’d updating aspects of AS 1105, Audit Evidence, and AS 2301, The Auditor’s Responses to the Risks of Material Misstatement.

The PCAOB found that some auditors had expanded their use of technology-assisted analysis—often referred to in practice as “data analysis” or “data analytics”—to perform specific audit procedures that are described in existing AS 1105. These procedures include, for example, inspecting company information in electronic form by examining the correlation between different types of transactions, comparing company information to third-party information, performing analytical procedures by comparing an auditor’s expectation to the company’s recorded balances or transactions, or recalculating company information, according to the PCAOB.

“Audit procedures that involve technology-assisted analysis offer the potential to be an effective approach to obtain persuasive audit evidence, enhancing investor protection,” PCAOB Chair Erica Williams said during Wednesday’s board meeting. “Today, some firms are using technology-assisted analysis to obtain audit evidence. In certain cases, our oversight activities have found instances of noncompliance with our standards related to evaluating the relevance and reliability of company-provided information and evaluating certain items identified using technology-assisted analysis. Other firms appear to be reluctant to perform technology-assisted analysis due to perceived regulatory uncertainty, as our standards do not specifically address the performance of such analysis.

“Consequently, there is a need to change our standards to address more specifically certain aspects of designing and performing audit procedures that involve such analysis,” she continued. “This is why we issued a proposal—just shy of one year ago—to amend our standards in this area.”

The PCAOB said the changes adopted by the board on Wednesday bring greater clarity to auditor responsibilities in the following areas:

Using reliable information in audit procedures: Technology-assisted analysis often involves analyzing vast amounts of information in electronic form. The updated rules explain auditors’ responsibilities when evaluating the reliability of such information used as audit evidence. For example, when auditors test a company’s controls over electronic information, their testing should include, where applicable, controls over the company’s information technology general controls and automated application controls related to such information.

Using audit evidence for multiple purposes: Technology-assisted analysis can be used to provide audit evidence for various purposes in an audit. For example, auditors may use technology-assisted analysis to analyze a population of transactions as part of identifying risks of material misstatement or to perform, after identifying such risks, substantive procedures on all items within a population. The updated rules specify that if an auditor uses an audit procedure for more than one purpose, the auditor should achieve each objective of the procedure.

Performing tests of details: When performing tests of details, auditors may use technology-assisted analysis to identify transactions and balances that meet certain criteria and warrant further investigation. For example, auditors may identify all transactions within an account exceeding a certain amount or processed by a certain individual. The updated rules clarify that the auditor’s investigation of such items should include determining whether the identified items individually or in the aggregate indicate misstatements or control deficiencies.

The PCAOB also noted that comments it received from audit firms and other stakeholders “provided valuable input that helped inform” the adopted amendments. The audit regulator said it clarified and modified the amendments in consideration of the comments received. For example:

The adopting release clarifies the definition of “test of details” to highlight that it pertains to performing procedures that are appropriate to the particular audit objectives for each item selected for testing. It also relocates the proposed description of a “test of details” from AS 1105 to a new section and paragraph in AS 2301 to avoid confusion with differentiating tests of details from analytical procedures. Further, the final requirements were narrowed and reframed to focus on the auditor’s investigation of items when performing a test of details as part of the auditor’s response to assessed risk.

Some commenters expressed confusion regarding whether the proposed amendments required the auditor to test controls when evaluating the reliability of external information provided by the company in electronic form. To avoid such confusion, the revised amendments clarify that the auditor can either test the information to determine whether it has been modified or, if the auditor chooses to test controls, the auditor should test controls over the receiving, maintaining, and (where applicable) processing of information that are relevant to the auditor’s evaluation of whether the information is reliable.

“Today’s adoption will help two essential PCAOB standards keep pace with changes in the use of technology and provide the clarity auditors need to perform high-quality audits using technology-assisted analysis,” Williams said.

The new standard will apply to all audits conducted under PCAOB standards. Subject to approval by the Securities and Exchange Commission, the new standard and related amendments will take effect for audits of financial statements for fiscal years beginning on or after Dec. 15, 2025.

[CPA Practice Advisor]