Share this content

How do you publish your data to your auditor?

Or, how painful is it to publish data to your auditor?

Didn't find your answer?

If you are:

  • a company, or corporate group;
  • subject to a UK audit;
  • turnover between GBP 10m to 100m;
  • whose auditor recognises that "artificial intelligence" audit is a non-starter;
  • whose auditor performs mainly substantive audit testing (an instrinically manual process); and
  • you are a nearly-paperless enterprise;


Q1: How do you publish your initial audit packs to your auditor (for audit planning, i.e. weeks before the onsite audit)?

a. print everything out to paper, post it to the auditor?
b. burn a DVD, post it to the auditor?
c. download the data to your workstation from your server(s), then up-load the data into a portal (either your own portal or your auditor's portal)?
d. wait until the onsite phase happens, then download the data to your workstation from your server(s), save it onto a USB stick and hand it to the onsite audit senior/junior/whoever?
e. give your auditor a login to your server(s) and give them rights to a dedicated, read-only part of the server where the auditor can download the initial packs, plus any additional data sought during the onsite audit?
f. give your auditor a login to your server(s) and give them rights to the same online services that you use daily?
g. email the data as a single, massive encrypted ZIP file?
h. email the data as a series of encrypted ZIP files?
i. email the data as a series of unencrypted files, unzipped?

Q2: How do you publish data to your onsite auditors while they are onsite?

a. print to paper, hand it to the auditor?
b. burn another DVD (twice a day?), hand it to the auditor?
c. up-load the data into a portal (either your own portal or your auditor's portal) (twice a day?)?
d. save it onto a USB stick, hand it to the onsite auditor? (bonus Q3 below!)
e. remind the auditor of the online credentials they already have?
f. email answers to queries in batches;
g. email the answer to a query one-for-one (audit-by-email, i.e. why is the auditor bothering to be onsite?!)?

Q3: bonus question if you use USB sticks.  Do you:
a. re-use the same USB stick, poking into your auditors' laptops and your own workstations as if nothing matters?
b. if a = yes, then does your IT department agree with such practice?
c. if a = yes, what controls do you perform on the USB stick before re-inserting it into your workstation?

Replies (9)

Please login or register to join the discussion.

By frankfx
10th Jul 2019 06:28

For a fee your auditor may advise you.
Or , in the interest of independence ,pass you on to their consulting arm to generate a juicier fee .

Thanks (0)
Replying to frankfx:
By martinengland
11th Jul 2019 18:09

lol - yes, good answer, but one that doesn't quite meet my needs.

I guess there's a fee for that too...!

Thanks (0)
By SXGuy
10th Jul 2019 07:50

Are you asking people to complete an exam paper for you or something?

Thanks (0)
Replying to SXGuy:
By martinengland
11th Jul 2019 18:12

This is not an exam paper question. It's about how different businesses feed their auditors with working papers/calculations/invoices/evidences/etc.

Thanks (0)
By paul.benny
10th Jul 2019 09:00

The question reads as if the OP is data-gathering to pitch a product.

My answer is that it depends. It depends on what the data is (simple spreadsheet vs transaction dump). It depends on what facilities the auditor has available (some have an audit portal). It depends on the sensitivity of the data (I might encrypt payroll data but not necessarily depreciation calculations).

Thanks (1)
Replying to paul.benny:
By martinengland
11th Jul 2019 18:16

Thank you for your insight.

To define the dependencies: the auditor currently works manually (substantive testing), has a portal, the data isn't particularly commercially sensitive. The data comprises hundreds (maybe low-thousands?) of spreadsheets and PDFs. All time-consuming to shunt around the place manually. There must be a better way. Any ideas what it might be?

The OP is data-gathering, to an extent, to find how best to use existing products, and what those products might be.

Thanks (0)
Replying to martinengland:
By paul.benny
12th Jul 2019 15:49

To go into a bit more detail – I am generally driven by what my audit team request, which typically ends up being a chunky set out uploads to their portal followed a trickle of spreadsheets, copy invoices and other documents to deal with subsequent requests.

The workload, of course, is about collating the data they require rather than submitting it. So I’d be looking to work during the year in ways that made it easier to provide the auditor with data. (hundreds of spreadsheets? If you say so, but really?)

I would need a lot of persuasion to let auditors loose in my network or systems. Who knows what inadvertent damage they might do.

DVDs, USB drives are a bit old hat but can serve a purpose.

Thanks (0)
Routemaster image
By tom123
10th Jul 2019 09:17

None of the above.
Our auditors have a dedicated logon to our systems and crack on themselves,

Thanks (0)
By Mr_awol
10th Jul 2019 10:56

Leading questions usually result in useless data.

In this case you've assumed that AI audit is a 'non starter' and that the only alternative is to carry out 'mainly substantive testing'. In fact there are many valuable parts of the audit process that don't involve either and some of them could feasibly be replicated by AI.

You have also grouped clients by t/o in a range of £10m-£100m which is a bit of a spread. Up to £25m or so most of our clients have a very simple system and all we get (or need) before the onsite work is either a CD or a single lever arch file. Access whilst on-site is agreed depending on the client's systems but it never becomes overly complicated or onerous.

Thanks (0)
Share this content

Related posts