Before I transitioned to higher education, I was a senior internal auditor for more than five years with FedEx in both domestic and international operations, leading audit reviews in areas including finance, operations, compliance, and IT.
Back then, what we were doing with technology was merely the tip of the iceberg. Even in the decade since I left, things have changed significantly. Advances in the field like continuous auditing, which automates information collection and aggregation, have shifted the way we do audits.
Continuous auditing and dual roles
As a former auditor and now an audit researcher, I’m interested in the influence of technology on auditor decision-making. Continuous auditing, for example, is a technology-driven method of gathering and aggregating audit evidence. Unlike traditional periodic audits of a division or a function within a company performed as infrequently as once every five years, continuous auditing enables near real-time assessments of decisions made at even the transaction level.
What can we leverage with new technology like continuous auditing and other real-time tools that boost speed and efficiency? And how can auditors better position themselves to provide the level of assurance around rapidly increasing amounts of client data that companies currently demand?
My research study focused specifically on internal auditors and how serving in their dual role as provider of assurance and consulting services affects the effectiveness of continuous auditing. Internal auditors work for an organization, and as a result, their knowledge about that organization is deeper than it would be for an external auditor who is hired from outside the company, such as accounting firms like Deloitte or KPMG.
A company’s internal audit function can be tasked with a dual role of assurance (e.g., reviewing financial statements, looking at compliance issues) and consulting (e.g., developing and assisting in the implementation of systems). In certain circumstances, a firm’s internal audit function could find itself in a conflict of interest if the unit in charge of implementing a new system for management (such as technology that enables continuous auditing) is the same one using that same technology in its audits. This is a very common practice when the technology is developed in-house versus purchased externally.
In the study, I made and tested two different predictions. I predicted that internal auditors would find less opportunistic earnings manipulation by management when continuous auditing was in use as opposed to the more traditional periodic audits, and when the assurance and consulting roles were functionally separated. I also predicted that internal auditors would be more likely to report incidences of earnings manipulation they identified when these same two conditions were met.
Study design and results
I designed the study based on my real-world experience in the field as an internal auditor. The experiment varies the assurance frequency (continuous auditing versus periodic auditing) and role duality (functionally separating or combining the internal auditor’s assurance and consulting roles). Participants in the experiment were 188 internal auditors identified via local chapters of the Institute of Internal Auditors and the Association of College and University Auditors. The participants held, on average, 12 years of auditing experience and represented staff, management, and chief audit executives.
The participants were instructed to read a case on an impending mid-year financial reporting decision for the divisional vice president of a manufacturing company and to make assessments in two areas: 1) whether the divisional vice president would manipulate accounting numbers in a way that would activate an annual bonus, and 2) whether the auditor would report these incidences of manipulated earnings.
The study results showed internal auditors perceived earnings manipulation to be the least likely when continuous auditing was used and the internal audit function separated its dual roles. This suggests that the assurance role can benefit from the use of continuous auditing and that there are instances when the need for greater objectivity (by separating the dual roles) enhances the effectiveness of higher audit frequency.
The results also show that internal auditors are equally more likely to report incidences of earnings manipulation when they use continuous auditing and have functionally separate roles. However, the likelihood is greater when the underlying accounting numbers relate to operational-type decisions (e.g., reducing expenditures) versus estimates with no direct cash flow implications (e.g., the allowance for doubtful accounts).
The findings have implications for auditors, managers, and accounting researchers, and are important for two key reasons. First, while there is some prior research on the efficiency gains and other benefits of using continuous auditing, there is little to be found on the behavioral aspects and particularly how it affects auditors themselves. This study adds to the literature by suggesting continuous auditing can enhance both compliance with internal controls as well as the effectiveness of internal audits due to better auditor decision-making.
Second, these findings indicate that there may be objectivity concerns in employing continuous auditing as a monitoring tool. Future research is needed to explore the nuanced results identified in this study.
Thinking critically, working creatively
Beyond the parameters of the study, there’s a bigger picture. As an educator, students often ask me about the future of the profession, fearful that encroaching technology means human employees will soon be replaced by machines.
I don’t think that’s the case. In fact, I believe the opposite: it will challenge us. It’s forcing our hand in demonstrating greater creativity and critical thinking—putting the onus back on auditors to take an active role in understanding how systems work, getting better at interpreting and synthesizing the data, and ultimately making smarter decisions because of it.
This approach to auditing is really the opposite of a routine mindset. If I can automate routine tasks, then I can focus the bulk of my time on 1) the results of testing that has identified potentially the full population of exceptions, and 2) higher risk areas. Both require auditors to activate higher-order skills.
The volume and complexity of companies’ data are ever increasing, and it’s a challenge for everyone to keep pace. I think that’s the thing that is driving change—now, junior auditors are expected to enter the profession ready to make subjective decisions earlier in their career rather than three to five years later when they’ve moved up the ladder. As someone who is in the classroom every day preparing the next generation of auditing professionals, I can’t help but think that challenging our students to think critically is exactly what will serve them best.
Read the paper “The Effect of Continuous Auditing and Role Duality on the Incidence and Likelihood of Reporting Management Opportunism,” published in Management Accounting Research.
Dereck Barr-Pulliam is an assistant professor in the Department of Accounting and Information Systems at the Wisconsin School of Business.