The idea of robots being an integral part of today’s audit and compliance teams isn’t a thing of science fiction. It’s here and now.
At Compliance Week’s Technology Innovation & Compliance Summit, held June 26 in Boston, compliance officers and audit professionals gathered to discuss how data analytics—such as artificial intelligence (AI) and robotic process automation (RPA)—is advancing the role of compliance and audit, what challenges they create, and what benefits are being realized.
“Technologies around artificial intelligence exist. It’s finding the use cases and the practical applications of how that’s going to be implemented at companies to derive meaningful insights that’s the challenge,” said Scott Szalony, an audit and assurance partner at Deloitte & Touche, speaking at the Summit.
Some companies are already making strides. In a poll conducted by Compliance Week, 50 percent of respondents said they have already begun to integrate, or are well on their way to integrating, data analytics technologies within certain compliance and audit functions, whereas the other 50 percent said they are likely to.
A few examples of new technologies that companies are starting to employ include:
Robotic process automation: In its simplest form, RPA is the automation of repetitive tasks and business processes that mimic human computer activities—things like logging into a system, entering data, and copying and pasting data across many systems and departments. Processes automated through RPA must be rules-based—be it in finance, customer service, or operations. As just one example, RPA can enhance the accounting close process by gathering and consolidating transactions recorded in journals and reconciling them in an ERP system.
Artificial intelligence (AI): One limitation of RPA is that you can only input structured data, like spreadsheets and databases. In this way, AI complements RPA by taking unstructured data—like e-mails, phone calls, meeting transcripts, contracts, bank checks—and putting them into a structured format. The capabilities it affords are also “smarter” than RPA in many ways. As just one example of this, certain cognitive AI technologies can read signatures to help find forged documents. Also, unlike RPA, AI provides for more sophisticated data models that help companies to enhance their decision-making processes.
Data visualization. Data visualization essentially is the art of data, presented through charts and graphs. Just as AI complements RPA, data visualization complements AI by turning large amounts of complex data into attractive visuals that make it easier to interpret the data.
“Many don’t think of the auditing field as a tech-driven industry, but if our clients are going there, then the auditors have to go there.”
Catherine Ide, Managing Director, Professional Practice & Member Services, Center for Audit Quality
Companies that have had early success with automation generally start with low-hanging fruit. They first find an area where they can perform a proof of concept to prove the value of automation before moving onto larger projects. “Generally, the best use cases are use cases where data is readily available,” said Jennifer Gerasimov, a managing director at Deloitte Advisory.
Accounts payable data is a good starting point for data that most companies have readily available. General Electric, for example, “ha[s] a data lake that our IT team has put together for all our AP systems,” said Thanh Tsoi, director of compliance—digital transformation at General Electric. “We are looking for outliers and patterns and trends to identify risk.” Specific examples might include high employee spend in certain customer accounts, or high spend in a certain region of the world.
GE has independent data scientists that analyze data for trends to identify risk factors, Tsoi added. Those data scientists understand what risks the business is trying to mitigate, “but also I understand what they need to do to get their job done,” she said, adding that the partnership is invaluable.
On the machine learning side, “our analysis and monitoring team can now focus on high-risk transactions,” Tsoi added. “That’s been effective in mitigating a lot of risk.”
Another consideration is what actions to take once the business has gathered and analyzed the data. “Data visualization is pretty, but are you actually taking action on it?” Tsoi said.
Looking at the broader picture of data analytics, automation is intended to enhance—not replace—human intelligence. “There is value in individual knowledge and experience, and that should not be forgotten,” Gerasimov said. There is always going to be the need for humans to translate what the data means in relation to the risks that the business faces, and what predictive modeling can be garnered from it.
The ownership and accountability piece is another important factor, Tsoi said. Who will advocate for automation? Who understands the process? Who will take accountability and will want to improve it? This individual—typically, the end user—should be included in the early stages of the process to help define requirements.
Just as important as the human element is the security and privacy side of automation. It’s important to be critical about the reasoning behind why the business is keeping data. “What are you going to use that data for? Don’t just pull it because you might use it later,” Tsoi said.
On the assurance and audit side, technology innovations are also on the radar of accounting and auditing firms. “Many don’t think of the auditing field as a tech-driven industry, but if our clients are going there, then the auditors have to go there,” said Catherine Ide, managing director of professional practice and member services at the Center for Audit Quality (CAQ). “Our clients are going to expect us to modernize and become more effective and efficient as they are making investments in their own companies.”
How likely are you to integrate technology with certain compliance/audit functions?
Sources: Compliance Week
Thus, audit firms are making major investments in cognitive technology, like machine learning and pattern recognition, she said. Internal auditors are looking to employ new technology, like data visualization, in their audits as well.
Continued strife over new lease accounting standards taking effect next year only adds to the incentive for audit to move further along the technology continuum. “Companies and audit firms alike are thinking about using this as an impetus to monitor how they track their leases in terms of both inventory, as well as accounting,” Ide said. The opportunity is there to use document-extraction software and machine learning to pull out key terms in a contract, she said.
What concerns you most about integrating technology?
Sources: Compliance Week
Another important consideration will be the ability of accounting oversight bodies—like the Public Company Accounting Oversight Board and the Financial Accounting Oversight Board—to keep up with the pace of technological change. In terms of auditing standards promulgated by the PCAOB, for example, “there’s likely an opportunity for additional guidance for auditors about implementing these types of more sophisticated risk analysis tools and data analytics,” Ide said.
Most respondents to the Compliance Week poll agreed. Specifically, when asked about the regulatory approach to cutting-edge technologies, 62.5 percent said cutting-edge technologies should be treated like any other risk factor that requires rules and oversight.
There’s also more work to be done as preparers look to the Securities and Exchange Commission for guidance on how to adopt these technologies or take advantage of new innovations. From a financial accounting standards perspective, Ide noted that “significant accounting and auditing questions” remain as it concerns companies that utilize technologies like bitcoin, for example. As the SEC ramps up its interest in this area, “the regulatory umbrella will have an impact,” she said.
As the adage goes, “a picture is worth a thousand words,” but in the world of compliance and audit, that picture is worth a thousand words only if you can understand the data, Ide said. That’s applicable to not just auditors using data analytics, but also management seeking to understand more about the risks their companies face and audit committees seeking to better understand what risks they should be thinking about from an oversight perspective. “These tools and technologies are enabling not just the auditor,” Ide concluded, “but [giving] everybody in the financial reporting supply chain a better lens into the risks associated with the business.”