Complex evidence collection practices increase risk

Complex evidence collection practices increase risk
April 6, 2015

Evidence collection, management, and review issues plague the SOX, internal controls, and audit processes.

Recent reports from global regulators and the Public Company Accounting Oversight Board (PCAOB), show that auditors and their clients are struggling to collect sufficient competent evidence to support their opinions about client internal controls. In 2014, the PCAOB inspection reports of Big Four audits averaged a failure rate of 39 percent, with one firm reaching 49 percent and another reaching 65 percent.

The 2014 Survey of Inspection Findings by the International Forum of Independent Audit Regulators (IFIAR), found that 24 percent of its members had a significant number of deficiencies related to internal controls over financial reporting. The deficiencies were related to the audit engagement procedure—finding that firms did not obtain sufficient and appropriate audit evidence to support their opinions.

Documentation may seem like an uphill battle as companies are facing a greater number of complex risks with even more complex, manual updates throughout the documentation, testing, reporting, and certification process. A recent study shows that almost 60 percent of the 1,100 companies surveyed by American Institute of Certified Public Accountants (AICPA) say they are facing a greater volume and complexity of risks than they were five years ago.

The common denominator that causes these failures: outdated tools and manual processes.

Disjointed software solutions used for evidence collection and testing require users to navigate documents in a cluttered network or shared drive. This complicates the testing review process as reviewers go back and forth among the markup samples while reviewing the Test of Controls spreadsheet and evidence in PDFs.

A complex evidence collection process requires constant monitoring, management of spreadsheets and documents, and reliance on email. Managing the work papers being collected, organizing them, and making sure they're associated with the correct test of controls document is manual and tedious.

Team members waste hours on multistep review processes and are forced to search for annotations across documentation. Seeing the current status of the review process is extremely difficult with no dashboard support.

Increase the value of your SOX, internal control, and audit teams with these three process improvements:

  1. Streamline requests

  2. Reduce the amount of time spent managing the collection process. Utilize a system that allows assignment of tasks and a single, real-time view of their statuses.

  3. Consolidate systems for review and markup

  4. Eliminate unnecessary systems for tracking, storing, and annotating testing documents. Reducing the number of places for reviewers to navigate to will ease the burden.

  5. Socialize desired business outcomes

  6. Compliance Week reports that the c-suite is having a difficult time defining risks and key business outcomes in their organizations. Get the board and senior management together to talk about it.

Streamline your testing process, improve visibility into your control environment, and reduce risk for your company. Learn more about evidence management for SOX and internal controls, here.

Mike Sellberg

About the author

Mike Sellberg is Executive Vice President and Chief Product Officer at Workiva. He is the former EVP and CTO at iMed Studios and the former Divisional General Manager at Engineering Animation, Inc.