Data Analytics in Risk Assessment
Abstract
Possibilities to obtain a more thorough and efficient understanding of the entity and its environment during an audit, lays in the use of technology and data analytics presented for the auditor. In an environment with high volume of data and increasing complexity, there are potential to improve the quality of the auditor's risk assessment (IAASB, 2017, p. 7). However, research indicates that the use of DA is limited, despite the fact that it offers a variety of advantages and multiple audit firms have invested capital in the technology to enable the use of DA (Krieger et al., 2021). This is due to lack of knowledge, support, and acceptance from the standard-setters (Austin et al., 2021). Prior research has focused largely on DA in the audit process of obtaining evidence. The aim of this master's thesis is to provide insight on how DA is utilized in risk assessment and how this is affected by the guidance provided by the International Standards on Auditing (ISA).
We have examined how data analytics is currently used, identified potential for growth and improvement, and looked at how the ISAs support the use of data analytics in risk assessment. Our dissertation contributes to this lack of empirical research and add a new perspective to the discussion by answering: “How data analytics are utilized in risk assessment and the role of the auditing standards in shaping its use”.
To answer our research aim, we used a qualitative approach for gathering primary data. We conducted eight semi-structured interviews with informants with deep and broad knowledge within the auditing field. Our results shows that DA is widely used in risk assessment by larger audit firms, however, there are variations in how it is applied, prioritized, and defined. As a result, DA in risk assessment is currently not operating at its highest potential. By increasing knowledge and expanding access to standardized data, we may take a step toward achieving DA's promise in risk assessment. But in order for this to happen, the standards need to be updated. The present guidelines need to be modified since they neither discourage nor support the auditor to use DA. The criteria for employing DA, the auditor's skill requirements, or just more guidance and information about what may be used, might all be added to achieve this.