Audit
Programs
AuditNet Links
AuditNet Library
Sarbanes-Oxley
Page
AuditNet
Newsletter
Ask
the Auditor
Audit
Jobs
Partner
Discounts
Search the Site
Our
Sponsors
Advertise
Sign
the Guestbook
AuditNet
Home Page
AuditNet®
What Holds Back Implementing Audit, Anti-Fraud, and Assurance Software….and How To Fix It
By Richard B. Lanza, CPA/CITP, CFE, PMP
Why doesn’t everyone have a comprehensive suite of audit software tools?
In researching the 2005 Buyer’s Guide for Audit, Anti-Fraud, and Assurance Software, we looked at more than one hundred software products and spent over 500 hours analyzing them. In nearly every product area we found a similar story: auditors are slow to adopt professional software created for their needs. The largest single share of work in any category was typically being done using Word, Excel, and e-mails which is memorialized in survey after survey.
In this article, we will focus on three key reasons why this situation prevails.
1. Too many new products out there, particularly SOX-related.
2. Getting data and doing analysis are too difficult.
3. Not enough time, people, or money, especially for enterprise-level solutions.
1. Too many new products. We found that roughly half of the products available to auditors today had been launched since 2002 and the Sarbanes-Oxley legislation. In the SOX market in particular, we expect to see a shakeout among vendors, as the relatively small audit software market cannot support 20 or even 30 different products all chasing the same pool of buyers. In more established audit software categories like workpapers or data analysis or forensics, we see some pressure on vendors from new arrivals and changes in technology, and this may be a reason for some not to buy, but the basic problem remains that many audit shops have not gotten around to implementing even the tools that have been available for a decade or more. In these categories we must look for other explanations—see points two and three.
We have asked groups of auditors about cheap, easy-to-implement, and highly useful products like an electronic bank and accounts receivable confirmation system or a spreadsheet audit tool. Most have either not heard of the products, or have never seen one in use. They make an ideal case for casual, gradual implementation—what we call “low-hanging fruit” and should be implemented at a minimum.
2. Getting data is too difficult. This is a multipart problem. First, audit departments do not always have a strong, cooperative relationship with IT. Audit needs are low priority and only become high when there is a “hot” fraud case or senior management request. Second, even when electronic data files are available, a certain level of experience and knowledge is needed to deal with all the technical issues relating to file formats, inconsistent spelling and entry errors, multiple sources, and so on. So this brings us to one of the key “root causes”, point number three.
3. Not enough time, people, or money. Despite the new post-Enron glamour of audit and accounting as a career, and the higher priority given to audit by management, audit departments still do not have the resources to do everything at once. Often an organization finds itself in a panic to reach goals in one year that would have been easy had they started a year or two sooner. Our advice is to take a stepwise approach:
a) find more than one ‘champion’ in the organization for the positive benefits of automating risk management, control self-assessment, and data analysis
b) support the champions with a modest but steady budget for new software, freedom to attend training and conferences and do peer networking, and in particular, the attention and interest of higher management
c) focus on achieving a real, measurable return at each stage, such as reducing or eliminating a particular kind of error, cutting labor costs for quarterly or annual audit tasks, or obtaining substantial dollar recoveries from analyzing inefficient payables operations
d) ensure the annual audit plan contains efforts to automate, be it through audit process enhancement or through improved data analysis.
The old cliché about the glass being half-full or half-empty applies to the present half-commitment of audit to using productivity software. There is much that has not yet been done, and ought to be. When it is, auditors will not only make a larger contribution to the success of the larger organization, but they will enjoy better working conditions, more job satisfaction, and higher confidence in their organization’s success.
Rich Lanza (CPA-CITP, CFE, PMP) has over 13 years of experience in using audit, anti-fraud, and assurance software. He has more published works on the topic than anyone else and he also practically uses audit software daily. For more information, please see www.richlanza.com.