Providing Assurance Services in an IA World

Part I – Control Principles

Intelligent automation (IA) is getting the attention of finance teams, operational environment leaders, and shared service center executives across the world. Not to mention, it makes regular appearances in most major business periodicals.   

Think IBM’s Watson – IA covers all technologies from robotic process automation to artificial intelligence. It is a set of technologies that enables accountants and process owners to configure a software robot to execute, manage, control and audit process tasks. It analyzes data required to manage business and reports on business operations to an experience-based, decision-making software robot.

But like any technology that impacts business, it will require the application of standard control frameworks and principles to ensure that the robots are performing as intended. The good news is that these are the same principles that have been applied to processes and applications for years.

So how will an internal accountant or a CPA firm providing advisory services, audit services or bookkeeping apply control principles in an environment dominated by IA?

The answer is that an effective, principled approach will be necessary for all CPA practitioners and companies, from small practitioners to the Big Four.

Control principles were developed over many decades to help business leaders keep tabs on what is taking place inside the business, which became more of a challenge as businesses grew from small storefronts to the multifaceted operations that exist today. Questions emerged, such as: Is fraud reduced or eliminated? Are physical assets being protected? Is electronic customer and business information accurate, complete, timely and protected? 

To help guide businesses in answering and managing such questions, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) created a framework in 1992 that provided guidance around risks and controls. In 2013, to address the digital age, 17 COSO principles of effective internal controls were updated. The Seventeen Principles of Effective Internal Controls still focus on environment, risk, control activities, communications inside the business and monitoring efforts. 

Two of the 17 controls, “Selects and develops control activities” and “Selects and develops general control activities over technology,” focus on control activities, just as in the past. But now, general controls must be developed over technology. What does this really mean? It means looking at all technologies in the business, from desktop applications (such as Excel and related macros) to emails and enterprise reporting platforms for weaknesses that might result in errors or fraudulent activities. Not an easy task for any organization.

No longer is a control just a physical control activity (like locking the front door of a business), but in a virtual environment, the application of such principles has become more complex. Changes in technology are about to make control activities much easier to implement, ultimately leading to a reduction in key controls. Continuous controls (preventive, detective, corrective), continuous audit and real-time controls of core business technologies are just around the corner.

Steve Palomino, CPA, CGMA, CITP. Steve guides businesses in the application of software robotics strategies that increase controls over operations and reporting, resulting in significant effort reduction, efficient transparency and continuous audit capabilities.  

     

Related Stories

• Rethink Your Nonprofit’s Chart of Accounts, Part II
• Getting Ready for Assurance has its Benefits
• 6 Planning Ideas for Advising Entrepreneurs