The Importance of Audit Evidence in Compliance and Reporting
No matter the company, if you look at the bottom of vital financial documents—10-K and 10-Q, among others—you will notice one commonality. They are all signed by the company's top brass: CEO, CFO, principal accountant, and other stakeholders, frequently including the board of directors.
Does that mean the CEO of a Fortune 50 company is on the front lines of accounting? And that the CFO has memorized every line of the report? Not quite. After all, according to one Bloomberg report, the amount of text included in 10-Ks has quadrupled—from 15,000 words in 1995 to more than 60,000 in 2017. No one expects executives to absorb every last word.
Executives must trust the content inside, and that trust does not appear from out of the blue. If your signature is on the bottom of an internal control document, it is in your best interest to take the time to verify the findings inside are true. Plus, an evolving landscape of standards, such as the PCAOB Audit Reporting Standard, constantly shifts the landscape.
For audit professionals, this means they should come prepared with evidence.
The importance of audit evidence
Evidence is crucial to the audit and internal controls process because it affords signatories a reason to trust any outstanding claims. After all, a host of laws and regulations make it clear that the managers of public companies—not their auditors—are responsible for establishing and maintaining internal control over financial reporting (ICFR) and regularly assessing the effectiveness of those controls.
When a CFO's signature is at the bottom of a report, their reputation and the reputation of the business are on the line.
External auditors are frequently assigned the task of assessing the effectiveness of management’s efforts and forming an opinion as a basis for designing their audits. For certain large companies, auditors must also express a separate written opinion on those controls.
Still, just because collecting evidence is a best practice, does not mean it is always done well or accurately. There are a handful of reasons that companies fail to collect evidence.
Three reasons companies miss the mark on audit evidence
If you just scratch the surface of the issue, there are two general reasons why companies fail to collect the evidence needed to keep stakeholders and executives content with the information inside of vital reports: they don't collect enough, or they don't know how to store it.
Clearly, audit teams that don't collect evidence in the first place will stumble when pressed to back up any claims they made. But for organizations that don't know how to store evidence, three major issues arise.
1. There is a lack of a consistent, cost-effective way to collect and organize evidence
Imagine a dictionary where all the words are not in alphabetical order. All the words are there, but cannot easily be located when you need to know their definitions. In the same way, lack of organization and consistency drastically reduce the effectiveness of a reference tool.
The quality audit evidence of your team is only as valuable as the way it is collected and organized. Teams often overlook or omit applicable audit evidence and documentation when there is no easy way to collect, organize, and reference it.
2. There is an inability to share
Similarly, when teams lack a repository with the ability to share evidence from team member to team member—and across the organization—problems arise.
Without a single internal controls repository to store, organize, and access this evidence quickly and easily, audit teams run the risk of creating duplicate work or failing to account for necessary evidence.
3. They struggle with multiple versions of key documents and templates
Managing legacy spreadsheets and word processing documents as they are shared among teams is a challenge. After being passed around your team, it is nearly impossible to verify that the document that you are working on is the most up-to-date one. This can lead to miscommunication, inapplicable content being presented, or other errors.
Resources to help close the evidence gap
Gratefully, technology is available to help organizations gather the evidence they need to surmount the evidence gap. Take a deeper dive into eliminating the evidence gap in your organization by reading our white paper, Closing the Global Evidence Gap.
About the Author
As vice president of corporate development and investor relations, Mike Rost is a key contributor to the organization's growth with a focus on corporate development initiatives, emerging business areas, and developing relationships with investors and key stakeholders. Since joining Workiva in 2015, he has served in various leadership roles helping to drive the organization's growth, including the scaling of Workiva’s marketing and partner & alliance functions.
With more than 25 years of experience assisting organizations to optimize business processes, Mike has an extensive background in finance, accounting, enterprise performance management and Governance, Risk and Compliance (GRC) technology. Prior to Workiva, Mike served as vice president of marketing at Metricstream and vice president of strategic marketing at Thomson Reuters. Prior to that, he spent more than a decade in product management and marketing positions for SaaS companies and held finance positions at Pillsbury and Rollerblade, Inc.
Mike has been active in industry associations, including the Open Compliance and Ethics Group (OCEG) and the Institute of Internal Auditors (IIA). He was also a founding member of XBRL International (eXtensible Business Reporting Language), the global not for profit consortium for open international standards for digital business reporting. He has also been a frequent speaker at industry conferences on subjects such as finance transformation, data and reporting, and risk and compliance technology. He received his Bachelor of Science in Economics and his MBA from the University of Minnesota.