How are leading audit firms managing transactional data collection?
In a conversation with BDO and Grant Thornton UK, I explore how they have been collecting transactional data in the past, the challenges they faced around this, how they are doing it now and what they think the future will bring.
Both firms achieved significant improvements to processes and workflows by implementing the right technology to help them with transactional data collection, which we will explore further in this article.
BDO and Grant Thornton UK
For this article, I spoke with Bethan Duffy from Grant Thornton UK and Greg Homer from BDO.
As Digital Audit Manager at Grant Thornton, Bethany Duffy is in a unique position to comment on her experience with collecting, managing and working with transactional data.
Greg Homer, Data & Analytics Director at BDO, has over 14 years of experience in Digital Financial Audit, spanning technology and data risk matters, including risk and finance analytics, data strategy and data governance.
The status quo: client-led bank data provision
To start, I want to get Bethany’s and Greg’s take on how transactional data collection has been happening so far at their firms.
We often hear from customers and others who join us in conversations that bank statements are still largely collected by paper, a situation that can be frustrating both to auditors and their clients. Receiving this vital information via this channel takes a lot of checking, chasing, standardising and processing before this data is a usable part of a digital workflow.
Greg elaborates: “Typically, our financial teams would get data in any way possible. So, in some cases it would be PDFs, in other cases paper statements, CSV downloads, or Excel documents: It would mean we'd have a lot of inconsistency in terms of the approaches by different audit teams, making it harder to deploy methodology in a consistent way and to ensure our teams have the complete and accurate population.”
And Bethany explains how it used to work at GT: “Previously, we would go on-site with the client, or when COVID hit, it would be screen sharing: we'd have to sit and watch all of these 12-monthly reports. Not only is that time-consuming for us, it's also time-consuming for the clients.
What’s more, the data we get out of being on-site or during screen-sharing is not actually that useful: we can't filter; we can't sort. The other big issue is that CSVs and Excel files can be edited. To address those main points, there is a big opportunity to be had with Open Banking and specialised technology for transactional data collection.”
Because data supplied by the clients isn’t usable in the form in which it is received, extra time and effort need to be invested to transform it into something which is usable and tangible on an audit file. This means a lot of time spent on collating and ingesting data; time that could be, and most likely should be, focussed on testing.
The now: leveraging technology for independent transactional data collection
How can we move from the challenges of the status quo towards a model that leverages available tools and paves the way to further innovation?
Direct-from-source bank data collection is part of the now: standardised data, direct from source, from one single provider. The final component of this is being able to build upon that to unlock further options and possibilities.
Open Banking connectivity and APIs are the cornerstone of transactional data collection direct from the source. So how is this being leveraged at GT and BDO?
Bethany explains: “The standardisation is a real key piece for us, not only the standardised data, but the fact that we can also get a standardised process. We use the Circit dashboard for this, but also APIs which we then add into our processes, that ensures that we have this consistent and standard approach that all audit teams can use. Ultimately, it gives us increased assurance over that cash balance, because what we get is direct from the source and there is no potential manipulation of that bank account.
We back this up with training to educate local audit teams in the use of Open Banking transactional data collection and to show them the real benefits: for them, and for the quality of their work.”
Open Banking can be leveraged with or without custom-built systems and processes, via APIs. Firms will need technical expertise in-house to build API connections and integrate with existing systems. Firms that don't have the capacity or teams to do that can opt for a platform like Circit, which takes care of that component for them, not only providing the opportunity to start unlocking efficiencies and improving audit quality, but also minimising the time to realise the benefit on their engagements.
Greg: “We've actually taken the decision to build our own in-house solution to ingest that bank data automatically and share with the individual teams what we want them to do. That enables us to tie it very tightly to a methodology and approach an ultimate documentation audit file. We're able to do that quite efficiently, and to a high quality, because of the features we get with Circit.
The feedback from our teams is only positive: they want more, and they want to use it on more audits. A big challenge around analytics will always be getting data, but we're now starting to solve some of those challenges, specifically in terms of audit quality, efficiency and insight.”
The future: towards automated testing?
On that hopeful note, we turn to the last topic we discussed: the future that is being unlocked by Open Banking developments. Can we move towards automated testing, such as automated ledger testing: taking a general ledger extract from the client, and automatically match it to independently obtained transactional data through APIs?
Looking 2 years ahead, what are the hopes in the teams at BDO and GT?
Bethany: “Once you've got the banking data, it sparks this kind of explosion of innovation as to what you can do with it. It gives us a wealth of insights and analytics. There is also automated ledger matching coming within reach. Previously, we wouldn't have dreamed of doing any of these things, but now we are starting to look into it.
Streamlined transactional data collection can be particularly helpful with cash work, as it will allow us to really have that pervasive impact on what we do on cash. It's not just decreeing it to a bank letter, we can look at the cash balance over a period of time, we can start to look at the health of a business, we can see bumps coming in the road in advance of when they actually happen.”
Greg: “The hope would be to move into automated matching en masse: to bank confirmations, digital bank confirmations, matching to the ledger and subledgers. With better transactional data collection and this data coming through, it makes it more accessible for more of our audit bodies.
We'll also have that greater history of data that’s needed to do more profiling over time: previous performance, current performance, even predicting future performance. At the moment, we’re generating 15 months’ worth of data. We're able to build that up over time, so in the future we can use 24-36 months to inform analysis. In terms of audits, it becomes more about what we expect, as opposed to what we are doing.”
Open Banking API connections are the foundation of unlocking what Bethany and Greg mentioned. A platform like Circit can help bring this within reach for teams that don't have the in-house expertise to build these systems themselves.
This is made possible with our product, Verified Transactions, which unlocks transactional data collection directly from client accounts. Clients authorise this access securely and directly in their familiar banking environment, after which auditors can see transactional data associated with the accounts they have been granted access to view directly on Circit. These transactions can then be downloaded in a standardised format, ready to work with.
In conclusion: the barriers to implementing technology
Despite the increased appetite for Open Banking solutions, there are still (perceived?) hurdles standing in the way for some firms.
One of these is assessing ROI. I think this will become clear from time saved on audit files and then invested in deeper analysis which clients will appreciate.
Another concern, client buy-in, will also diminish over time as clients and audit teams alike turn to technology more readily. Finding the right vendor – or choosing to build infrastructure in-house – are both facilitated by the wide range of options available and the renewed and increasing trust in and positivity towards technology.
Finally, staff engagement: as both Greg and Bethany mentioned, teams will learn to embrace new technologies if they are proven to make processes easier. With the right training, this point is easily addressed.
So, what is next? Forward-looking firms embracing new technological possibilities find themselves in the perfect position: options to choose from, examples from other firms having successfully embraced these changes and a lot of knowledge sharing available to guide them.
Want to know more?
If you are interested in Circit’s solution for transactional data collection, visit our Verified Transactions page.
For an overview of our evidence collection platform, feel free to book a 1 on 1 demo in which we can advise you on the best setup for your firm.