PCAOB Updates Its Standards To Clarify Auditor Responsibilities When Using Technology-Assisted Analysis

The Board takes action to address aspects of the auditor’s use of technology-assisted analysis to reduce the risk that auditors will issue an opinion without obtaining relevant and reliable audit evidence.

Washington, DC, Jun. 12, 2024

The Public Company Accounting Oversight Board (PCAOB) today adopted amendments to two PCAOB auditing standards, AS 1105, Audit Evidence, and AS 2301, The Auditor’s Responses to the Risks of Material Misstatement, addressing aspects of audit procedures that involve technology-assisted analysis of information in electronic form.  

These changes, which grew out of the Board’s ongoing research project on the use of data and technology, are designed to provide additional detail and clarity around the responsibilities auditors have when performing procedures using technology-assisted analysis. The detail and clarity provided by these amendments should serve to reduce the risk that auditors who use technology-assisted analysis in the audit may issue an opinion without obtaining sufficient appropriate audit evidence. The additional clarity also should address some auditors’ reluctance, which the PCAOB has observed, to use technology-assisted analysis at all under existing standards.  

“Today’s adoption will help two essential PCAOB standards keep pace with changes in the use of technology and provide the clarity auditors need to perform high-quality audits using technology-assisted analysis,” said PCAOB Chair Erica Y. Williams. “The Board thanks all those who commented on the amendments we proposed last year, and we look forward to monitoring the implementation and impact of the amendments.” 

Changes Clarify Auditor Responsibilities Regarding Information and Procedures 

The changes adopted today bring greater clarity to auditor responsibilities in the following areas: 

  • Using reliable information in audit procedures: Technology-assisted analysis often involves analyzing vast amounts of information in electronic form. The adopting release emphasizes auditors’ responsibilities when evaluating the reliability of such information used as audit evidence. For example, when auditors test a company’s controls over electronic information, their testing should include, where applicable, controls over the company’s information technology general controls and automated application controls related to such information.  

  • Using audit evidence for multiple purposes: Technology-assisted analysis can be used to provide audit evidence for various purposes in an audit. For example, auditors may use technology-assisted analysis to analyze a population of transactions as part of identifying risks of material misstatement or to perform, after identifying such risks, substantive procedures on all items within a population. The adopting release specifies that if an auditor uses an audit procedure for more than one purpose, the auditor should achieve each objective of the procedure. 

  • Performing tests of details: When performing tests of details, auditors may use technology-assisted analysis to identify transactions and balances that meet certain criteria and warrant further investigation. For example, auditors may identify all transactions within an account exceeding a certain amount or processed by a certain individual. The adopting release clarifies that the auditor’s investigation of such items should include determining whether the identified items individually or in the aggregate indicate misstatements or control deficiencies. 

As discussed in the adopting release, numerous commenters provided valuable input that helped inform the adopted amendments. The PCAOB clarified and modified the amendments in consideration of the comments received. For example: 

  • The adopting release clarifies the definition of “test of details” to highlight that it pertains to performing procedures that are appropriate to the particular audit objectives for each item selected for testing. It also relocates the proposed description of a “test of details” from AS 1105 to a new section and paragraph in AS 2301 to avoid confusion with differentiating tests of details from analytical procedures. Further, the final requirements were narrowed and reframed to focus on the auditor’s investigation of items when performing a test of details as part of the auditor’s response to assessed risk.  

  • Some commenters expressed confusion regarding whether the proposed amendments required the auditor to test controls when evaluating the reliability of external information provided by the company in electronic form. To avoid such confusion, the revised amendments clarify that the auditor can either test the information to determine whether it has been modified or, if the auditor chooses to test controls, the auditor should test controls over the receiving, maintaining, and (where applicable) processing of information that are relevant to the auditor’s evaluation of whether the information is reliable. 

The new standard will apply to all audits conducted under PCAOB standards. Subject to approval by the Securities and Exchange Commission, the new standard and related amendments will take effect for audits of financial statements for fiscal years beginning on or after December 15, 2025.  

For more information regarding the PCAOB’s standard-setting activity, visit our Standards page

***** 

About the PCAOB 

The PCAOB is a nonprofit corporation established by Congress to oversee the audits of public companies in order to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports. The PCAOB also oversees the audits of brokers and dealers registered with the Securities and Exchange Commission, including compliance reports filed pursuant to federal securities laws. 

Contact 

PCAOB Office of Communications and Engagement 
[email protected]