The document discusses the need for audit data standards to facilitate interoperability between accounting and audit software. It notes that currently, heterogeneity in client data formats makes audit automation challenging. Audit data standards like ADS and ISO 21378 aim to standardize data elements and definitions to allow automated extraction and analysis of audit evidence across different systems. The document outlines several audit data standards and explains how they promote efficiency and effectiveness by reducing data integration issues faced by auditors. Overall, audit data standards are necessary to realize the full potential of technologies like audit data analytics in the digital transformation of auditing.

1. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 1
Audit Data Standards
Is Interoperable Audit Evidence on the Horizon ?
ASSOCHAM’s Two Days Global Virtual Conference
“Audit, Risk and Governance”
October 27 & 28, 2020
Presented by:
Vinod Kashyap
National Expert to ISO: TC-295 Audit Data Services

2. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 2
Agenda
o Preamble
o Why do we need Audit Data Standards?
o Audit Data Standards
o Interoperable Audit Evidence
o Q & A

3. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 3
Preamble

4. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 4
Auditing profession has come a long way from “holler and tick”
approach where one person from audit team would call from
the ledger and the other person would tick and then the search
will be made for unticked transactions. Today, technology is
being used in auditing by all Big 4 and other top accounting
firms.

5. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 5
Audit Data Standards (ADS)
Audit Data Standards (ADS) aims to find out solution to
interoperability issues in accounting software and audit
software.
Audit Data Analytics (ADA)
Audit Data Analytics (ADA) involves the complete set of data
to identify anomalies and trends for further investigation, as
well as to provide audit evidence.
Digital Transformation of Audit
Source : Professor Miklos A Vasarhelyi, Asst. Professors Soohun Cho and Arion Cheyong , Chanyan (Abigil) Zhang

6. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 6
Digital Transformation of Audit Cont.…
Source : Professor Miklos A Vasarhelyi, Asst. Professors Soohun Cho and Arion Cheyong , Chanyan (Abigil) Zhang
Intelligent Process Automation
Intelligent Process Automation (IPA) achieves flexible and
intelligent automation by combining Robotic Process
Automation (RPA), Artificial Intelligence (AI), and other
emerging technologies.
Blockchain, Smart Contracts and Cryptoassets
Blockchain offers secure transactions but the person designing
the Blockchain Platform or writing code could be biased.
Auditors need to review the process built on blockchain, test
the controls built into the solution.

7. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 7
Why do we need Audit Data Standards ?

8. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 8
Smart Audit: the digital transformation of audit
Obstacle for Transition
“Although the digital transformation in audit is
promising, obstacles exist that can slow down this
process. First, public accounting firms serve multiple
clients, and most likely, each client has data of
different formats. The heterogeneity in clients’ data
makes it challenging to use audit automation or
analytics tools. Therefore, to achieve audit automation,
standardization is needed to homogenize clients’ data “.
Professor Miklos A Vasarhelyi, Asst. Professors Soohun Cho and
Arion Cheyong , Chanyan (Abigil) Zhang

9. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 9
ASSESS, ASSURE AND INFORM
Obstacle to Progress
24.1.4 Data is increasingly available in digitally usable
form, a trend that will only continue. However, ARGA
may wish to consider stimulating the development of
a standard method of data extraction similar to that
developed by the US AICPA covering both structured
and unstructured data. This area is not without
controversy however, as some firms are developing
their own proprietary platforms, whilst other
participants outside the audit sector are funding work
to create a common data model which could be
applied to many areas of professional services, not
just audit.

10. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 10
The challenging situation we face
o In the era of information, electronic
data has been the essential base
for audit work
o The process of auditing data
utilization generally be divided into
several steps: audit data collection,
audit data cleaning & processing,
audit data analysis etc.
o As depicted in the figure audit data
collection is the start point of audit
data utilization
Source : SAC
Database
General process of audit data utilization
My SQL
DB 2
SQL Server
Oracle
OUTPUT IMPORT
Business System Exchange File
Output from
Business System
Import data into
audit system
Audit system
Database
Oracle SQL Server

11. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 11
The challenging situation we face
o Many different systems to deal with
• Different data structures
• Different data definitions
• Different formats (Date Formats?)
o Difficulty for the user to identify the data they
need
o Different audit areas
o Different techniques for audit analysis
Example Date to show the difference between information
Sales Order
Date : yyyy.mm.dd / mm.dd.yyyy / dd. mm. yyyy
November 10, 2020
Sales Order ID ….. Fiscal Year Order Transaction Amount Sales Order Date ……
ABC1648324 2020-21 1,20,000/- 10-11-2020
October 11, 2020

12. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 12
Source : SAC
The challenging situation we face
6 systems – 15 Interface specifications
N systems – (N*2-N)/2 interface specifications
100 systems – 5,000 interface specifications
o The barriers between different kind of accounting software make it hard to exchange the data
o Other software, including audit software are disable to acquire financial data directly
Accounting
Software
A
Accounting Software
Tax Software
….
Accounting
Software
B

13. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 13
Why One More Standard?
Without Standard With Standard
❑ Interoperability issue between various accounting software
and audit software
❑ Auditors need more time to collect right financial
information
❑ Auditors need not dive head deep into data , when they need
specific information
❑ Economy of time required for gathering data
❑ Improvement of the quality of data collection and audit report
Loss of productivity
High management cost
Multiple interfaces
No guarantee of data integrity
Entry errors
Lack of responsiveness
Numerous digital breaks
Productivity gain
Reduced management cost
Better responsiveness
Guarantee of data integrity
No entry errors
Digital continuity

14. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 14
Audit Data Standards (ADS)

15. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 15
AICPA : Audit Data Standards
• AICPA published Three Audit Data Standards (ADS) in
2013
• Voluntary and recommended data standards for the
extraction of information
• Plans to release Audit Data Standards for sub-ledgers
(industry sectors and business processes) in future

16. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 16
Audit Data Collection - ISO: PC 295

17. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 17
National Bodies Involved in Development of ISO : 21378-2019
Source : SAC

18. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 18
Audit Data Collection Standards : Scope
Source : SAC
Non-financial Enterprises
including financial reports, general ledger, accounts receivable,
sales, accounts payable, purchase, inventory, property plant &
equipment, payroll etc.
Financial Reports
Includes non-financial enterprises,
financial enterprises.
Public Sector Budget
Involves budget preparation and
implementation, financial reports etc.
Tax
Including VAT, Excise Duties, Custom
Duties, Corporate Income Tax,
Individual Income Tax, Property Tax
and Other Tax.
Social Insurance
including pension insurance, Health
insurance, and Unemployment
insurance.

19. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 19
Audit Data Collection Standards (ADCS)
• Establishes common definition of accounting data elements
• Provides the information necessary to extract relevant audit
data
• Aims to find out solution to interoperability issues in
accounting software and audit software
• Save precious time of auditors in extracting data from Auditee’s
ERP system/accounting software
• Facilitates Audit Data Analytics (ADA)
ISO 21378:2019
Audit Data Collection

20. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 20
The main content of ISO : 21378 - 2019
ISO 21378-2019 covers the areas of General Ledger (GL), Accounts Receivable (AR), Sales, Accounts Payable
(AP), Purchase, Inventory, and Property, Plant and Equipment (PPE)
Purchase
Module
Inventory
Module
Sales Module
GL Module
AP Module PPE Module AR Module
Payment information
Purchase invoices
Voucher delivery
Purchase Warehouse
Voucher
PPE purchase
Voucher delivery
Voucher delivery
Sales delivery
voucher
Receipt information
Sales invoices
Voucher delivery
Connections and lines
Process flow
Key Components
Modules of ADCS

21. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 21
Audit Data Collection Standards: New Proposals
• Custom, Excise Duty, Goods &
Services Tax, Value Added Tax, Sales
Tax (US) etc.
• Government Audits for verifying
correctness and completeness of
indirect taxes and customs.
• Establishment of a more efficient
and effective process for collection
of audit data that can be leveraged
in tax compliance, tax monitoring
and internal audits.
• OECD Standard Audit File for Tax:
SAF-T v 1.0 released in 2005 and v
2.0 released in 2010.
Audit Data Collection Extension:
Government Regulated Financial Reports
and Payroll
Audit Data Collection:
Customs and Indirect Tax Extension
Exchange Formats for The Audit Data
Collection Standard :
XML and JSON
• Government financial audit usually
starts with reviewing and analyzing
statutory financial statements.
• Need to follow country specific
rules for data aggregation known as
statutory taxonomy or chart of
accounts.
• Human Capital Management (HCM)
solution.
• Help in Payroll Audit with an
objective of checking correctness,
compliance and justifiability
• Current exchange format: Flat File
(CSV)
• XML, JSON and flat file (CSV)
• XML technical guide, XML schema,
XML sample messages
• JSON schema, JSON sample
messages, JSON solution in CSV

22. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 22
Audit Data Collection Standards (ADCS) : Global Scenario
Secretariate
Participating Members
Observing Members

23. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 23
Audit Data Collection Standards (ADCS) in India

24. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 24
Draft Audit Data Collection Standards (ADCS) Released by BIS
https://www.services.bis.gov.in:8071/php/BIS_2.0/dgdashboard/draft/darftdetailcomm/412/3/SSD-I-12

25. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 25
Interoperable Audit Evidence

26. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 26
Audit Evidence Collection Procedures
Source : Appelbaum and Nehmer
Procedure “Traditional” Method “Technology-based” Method
Inspection of records or documents
Pull sample of records and trace,
verify/match
Evaluate entire datasets in ERP
Inspection of tangible assets
Physical inventory, walk through, open
boxes
RFID Tagging
Observation Stand, Sit with workers and observe Use process mining to verify work flows
Inquiry Written or oral interviews Monitor processes and controls, identify
process violators
Confirmation Verify account balance Link data streams
Recalculation Exact and recalculate figures to verify Monitor all data and run calculations
automatically as desired
Re-performance Re-perform procedures to verify Automatically replicate all transactions
and identify exceptions
Analytical procedures Scanning and statistics Filter real-time data with continuity
equations and statistics & use of analytics

27. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 27
Analytical Procedures
• Ratio analysis
• Trend analysis
• Regression analysis
• General Ledger account reconciliation and analysis
• Journal entry analysis
• Segregation of duties analysis
• Three-way-matching
• Cluster analysis
• Data mining
Audit Data Analytics (ADA)

28. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 28
Audit Evidence (SA-500)
Audit evidence – Information used by the auditor
in arriving at the conclusions on which the
auditor’s opinion is based. Audit evidence includes
both information contained in the accounting
records underlying the financial statements and
information obtained from other sources.
Audit Evidence
• Information used by the auditor in arriving at the
conclusions on which the auditor’s opinion is
based. Audit evidence includes both information
contained in the accounting records underlying the
financial statements and information obtained
from other sources.
• Sufficient and appropriate audit evidence.

29. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 29
Audit Evidence (SA-500)
Audit evidence – Information used by the auditor in arriving at the
conclusions on which the auditor’s opinion is based. Audit evidence
includes both information contained in the accounting records
underlying the financial statements and information obtained from
other sources
Audit Evidence
• An emergent need has been felt for quite sometime for auditing
standards to recognize the use of “automated tools and techniques”
(Audit Data Analytics (ADA), Artificial Intelligence (AI), Machine
Learning (ML), Robotic Process Automation RPA), and Remote
Observation Tools) which are being used for planning or performing
the audit.
• AICPA has issued new standard on Audit Evidence (AU-C 500) in July
2020 which recognize the use of “automated tools and techniques” in
audit.
• IAASB has issued Project Update on Revision of ISA 500 in September
2020.
• SA 500 “Audit Evidence”, which was issued over a decade ago, doesn’t
recognize emerging technologies and tools used by auditors in
collection of audit evidence.

30. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 30
Audit Evidence : Interoperability
Organizational
Interoperability
Semantic
Interoperability
Syntactic
Interoperability
Technical
Interoperability
Business process integration beyond the boundaries of a
single organization.
Ensuring the same meaning of exchanged data through
predefined and shared meaning of terms and expressions.
Ensuring the same meaning of exchanged data through
predefined and shared meaning of terms and expressions.
Technical end-to-end exchange of data among systems.
“The ability for a device from one manufacturer to work with one from another” - Gartner

31. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020
“No matter how complex things are,
basically everything is simple.”
Questions

32. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020
THANK
YOU

33. 2020 © NextGen ASSOCHAM Two Days Global Virtual Conference : Audit, Risk and Governance -2020 33
Vinod Kashyap
Email : vinod.Kashyap@nextgenknowledge.com