Could audits be void of judgments and assumptions? To answer that let’s ask another question; could entity’s design of Governance, Risk Management and Control Systems be void of their judgements, estimations and assumptions?
- Risk, being the effect of uncertainty on objectives, this uncertainty requires use of judgements, estimations and assumptions in identification, assessment and evaluation and even mitigation.
- Controls deployed to mitigate risks are designed and deployed utilizing best judgement and estimation that these will work as intended.
- And Governance providing oversight on the entity’s navigation through uncharted territories and untested waters.
Judgments, Estimations and Assumptions are pivotal to them all right from their design!
When accountants cannot produce accounts without deploying assumptions, estimations and approximations for useful lives of capital assets and for provisioning for stocks and doubtful debts and actuarial assumptions and fair values, for instance, how auditors can plan and conduct audit of those accounts without making and utilizing their own judgments?
One might be intrigued into believing that big tech is on course to cause upheaval in everything. And render anything left, that doesn’t bow down to it as irrelevant. But is that really the case? Could the need for concepts and things that require use of judgements, estimations and assumptions that can’t be replaced, eliminated?
Could businesses do without Governance, Risk Management and Controls and, well, Accounts?
Certainly not! Simply because their need can’t be eliminated. And tech can’t even alter the scheme of action for all these. What it offers to achieve at the most is gadgetry, tools to enhance efficiency and productivity, even with the advent of Generative AI that’s still dependent on aggregation of produce from human intellect!
We are not in the era of tech substituting the human intellectual capital, it will always reign supreme! We’re very much in the era of what’s it most aptly called well informed decision making! Be it Governance, Risk Management, Controls or even Accounts these tech laden gadgets serve to improve the overall experience.
Let’s aid our understanding with the most substantial application of Tech; the D3M! Worry not, for its just a fancy acronym for something equally fancy and thus widely known; the Data Driven Decision Making. Judgements, estimations and assumptions, all benefit from D3M as we’ll see below.
Consider for instance, the requirement to provide for impairment of stocks while finalizing accounts of an entity. In management’s judgment, the operating environment changes, for instance the market’s shift to a competing product with enhanced offerings has rendered some of its relevant inventory as non-usable / saleable in the ordinary course of business, unless product offering is changed, or significant discounts are offered. Thus, the stock will need to be written down in accordance with the applicable financial reporting framework.
Tech will help in procuring data from market surveys, customer preferences, shop sales, etc., assimilating the data and conforming or not conforming the original judgement.
The tech will then be used for estimation of inventory that needs to be written down / provided for based on the market survey and sales data gathered. The tech will also help in estimating the amount of discount over cost per unit of the inventory.
The tech can also be guided by assumptions built into it by the management. For instance, if the management expects a certain class of customers as being locked in and unfazed by competing products availability due to brand loyalty, or a certain market segment where competitors haven’t yet established supply chain, it can have the tech discount the estimations.
Concisely the tech will help the management make a key decision about the valuation of the inventory it is keeping in a well-informed manner based on data and its own judgements and assumptions. What it decides eventually about the provisioning will again be its own judgement and estimation unguided by tech this time!
Come auditors, management’s judgements, estimations and assumptions and the design and output of tech used for the purpose will all be retested, through their own judgement of management’s working failing or passing the knowledge of the industry, market and the reporting framework requirements. Certainly, they can or will use their own tech for this purpose.
But guess what would the auditors use more? Their own judgements, assumptions and estimations of course. Has the tech been able to replace the need for that? The need to evaluate if the management’s assumptions and estimations about a transaction or a class of transactions is accurate, viable and valid will remain omnipresent.
Data duly analyzed by high quality tech will even go as far as suggesting what actions to take, but will it eliminate the need for human assimilation, evaluation and consideration in the meeting room filled with decision makers ought to shape up their strategy?
Once in the meeting room, the tech is just a perspective, a means and a ploy that has done its part, even in arriving at a conclusion. But the human intellect will always see far and beyond it and many times even right in front of it about which the data and tech remained oblivious, for instance a data and tech driven course of action that checks all the boxes but can’t be adopted simply because socially it would be detrimental or there are human factors involved, or worse, it will be an action others are also taking; data and tech based decisions might actually erode the ‘being ahead of curve’ position, that human mind cannot miss!
What would constitute upside and downside risk, what’s the risk tolerance and capacity, what needs to be governed and what level of control needs to be exercised are products of human intellect that are used to design the tech used to model the data. Tech isn’t used to program tech!
Thus, for internal auditors, the systematic and disciplined approach we’re required to bring to evaluate and improve the Governance, Risk Management and Control systems is firstly and mainly based on the auditor’s knowledge and judgement of the entity’s requirements. Determination of the entity’s risk universe, which is all the scope for internal audit, begins with the internal auditor’s imagination and then the whole risk inventory, risk registers, heat maps use knowledge and judgement for establishing relevance and validity.
And what about auditor’s professional skepticism? Auditor’s tech-based risk assessment of any area under review might not identify all relevant risks or might not assess the risks fairly, despite its sophistication and comprehensive design engineering. While the tech is fully occupied in processing loads of data to identify and read through patterns and relationships, our professional skepticism allows us to see matches and reconciliations that are ‘hiding in plain sight’ like through our gut feel leading to a fraud discovery where one wasn’t indicated and thus expected.
It’s not that human judgment is infallible, but tech could never be all encompassing, especially when it needs ideation, creation and consistent evolution that’s only possible through human intervention. Both have found in each other a natural companion.
It is the human intellect, its judgement prowess that creates and guides the use of Tech. Tech is to aid your judgement, not replace it!