1、 Introduction
With the development of information technology in China, information construction and audit business are further integrated, and the concept of remote audit arises at the historic moment. In the past two years, affected by the COVID-19, the traditional on-site audit work had to face transformation. At present, the practice research on remote audit in China has not yet achieved a mature standardized system, and the relevant solution path research needs to be further deepened. How to deepen the practice path exploration of remote audit and take scientific and reasonable measures to optimize the countermeasures has important practical significance and social value in improving the mechanism construction, implementing targeted audit strategies, reducing audit risks and improving management level for enterprises.
2、 The concept of remote audit
(1) Concept definition
Remote audit, also known as off-site audit, refers to maintaining remote communication and cooperation with the auditee through network system connection platform, telephone, e-mail, voice and video conference function app, etc., using appropriate audit procedures to complete necessary steps such as information recording, conditional sampling, data analysis, fact confirmation, opinion exchange, etc., issue audit reports, and finally achieve the audit objectives and put forward corresponding rectification suggestions.
(2) Policy background
In 2004, the National Audit Office issued the guidance on audit informatization in 2004, which requires to vigorously promote the role of computer technology in audit implementation, improve the information technology content of the audit profession, improve the audit implementation means, and enhance the audit supervision ability.
In 2015, the general office of the CPC Central Committee and the general office of the State Council officially issued the framework opinions on several major issues concerning the improvement of the audit system and the supporting document implementation opinions on the implementation of full audit coverage, requiring innovation in audit techniques and methods, active use of big data technology, and greater efforts in comprehensive comparison and correlation analysis between business data and financial data, unit data and industry data, as well as cross industry and cross field data, Improve the ability to use information technology to check problems, evaluate and judge, and conduct macro analysis.
In 2019, the general office of the National Audit Office issued the guidance on internal audit in 2019, which requires actively innovating internal audit methods, strengthening audit information construction, strengthening big data audit thinking, enhancing big data audit ability, and comprehensively using on-site audit and off-site audit methods to improve the efficiency of internal audit supervision.
In 2021, the 31st meeting of the Standing Committee of the 13th National People's Congress passed the amended Audit Law of the people's Republic of China, which requires that the national government information system and data sharing platform should be open to audit institutions in accordance with regulations.
(3) Drivers
1. epidemic influencing factors.
The COVID-19 has had a great impact on people's work and life. Many factors, such as the large variation of the virus strain, the fast transmission speed, the increase of asymptomatic infection and so on, have further increased the difficulty of prevention and control, causing considerable practical difficulties for the audit work that requires on-site overall planning and the implementation of necessary procedures.
First, the time factor increases the audit quality risk. Generally, an audit plan in line with the business development of the unit was formulated at the beginning of the year. However, due to the impact of the epidemic policy on various regions, the audit task plan that should have been executed at a certain period of time was forced to be adjusted. The mobilization frequency of auditors was limited and they could not rush to the audit site in time, or after mobilization, the on-site audit time was uncontrolled due to the needs of epidemic prevention and control, so the on-site audit time had to be shortened, This has resulted in incomplete sampling considerations for audit matters, inadequate implementation of audit procedures, and a decline in the accuracy of the analysis process.
Second, spatial factors increase audit execution risk. The epidemic prevention and control policy puts forward strict requirements for travel. Auditors are faced with whether the auditee has the conditions to conduct on-site audit and whether it can conduct on-site visits to the audit matters. At the same time, some matters need to carry out corresponding audit procedures face-to-face, such as whether incompatible posts are separated, whether personnel at key risk Posts perform their duties, whether all links of internal control walk through test are organically connected, etc. once the work trace measures of the auditee are not in place, business changes, closures, employee resignation, layoffs and other situations occur, the restriction of on-site audit will have a great impact on the confirmation of key problem points.
Third, human factors increase the risk of internal control fraud. The epidemic has affected the economic development of all walks of life. Enterprises are faced with the reality that the business volume of target customers is reduced, the flow of goods supply chain is interrupted, and the pressure of capital flow is large. Some enterprises are faced with the pressure of income and profit assessment. In order to whitewash their business performance, they do not hesitate to take risks by means of false costs, cross period revenue recognition, signing false contracts or yin-yang contracts to make up the transaction amount, and insufficient provision for asset impairment, It leads to the distortion of report information, and even the risk of fraud, which brings challenges to the internal management of enterprises.
2. technological innovation factors.
First, improve the quality of audit information analysis. The era of big data has brought opportunities and means for digital technology innovation of audit work. Based on the integration and classification of data sources of auditees, scientific analysis ideas can be applied to select multidimensional audit sampling methods at different levels, build corresponding digital audit models in combination with screening conditions, perspective and analyze the data relevance of audit reports, simplify the audit process, and improve the accuracy of the system generating analysis results, It helps to reduce the audit risk to an acceptable level.
Second, optimize the allocation of audit resources. The information-based audit platform can make full use of technical control means to scientifically allocate audit resources. On the one hand, remote assistance has the attribute of point-to-point, so that auditors can get rid of their dependence on the audit environment and conditions. While reducing the travel costs of auditors, it can also reduce the reception and cooperation costs of the auditee. On the other hand, through the interactive integration of big data systems and the construction of visual and integrated models to form a digital monitoring mode, we can find more regular problems and give timely warnings, keep an eye on cross areas, capture data changes, obtain more high-quality output results while reducing human input, and accurately improve efficiency.
3、 Application strategy of remote audit
(1) Define audit objectives at different stages
To formulate the remote audit plan, the overall goal of "overall analysis, focusing on anomalies, phased implementation, and systematic research and judgment" should be clearly defined, and the audit should be fully combined with its functions of service-based and management promotion, so as to strive to highlight the key points, take appropriate measures, and be highly targeted. It must be clearly recognized that remote audit is not enough to completely replace on-site audit. The two complement and confirm each other. In the remote audit stage, it is necessary to get familiar with and master the overall situation of business operation activities, internal control and management process, form a preliminary audit judgment, find audit doubts, mark internal control loopholes, assess audit risks, determine audit scope, content and response measures, and put forward the needs of audit participants. In the on-site audit stage, it is more about further troubleshooting and confirmation based on the doubtful points and vulnerabilities found in the remote audit, finding the existing problems and putting forward feasible audit recommendations.
(2) Focus on remote audit
The remote audit implementation plan shall combine the actual situation of the auditee, highlight the work content and characteristics of the auditee, and maximize the operability and guidance of remote audit. On the one hand, we should determine the key issues based on the development direction of the enterprise. The remote audit shall analyze the business development of the auditee and the type of industry it belongs to, determine whether the business development chain is connected, and sort out and analyze the approval process, system regulations, asset inventory, etc. by logging in to the relevant business system, financial system, asset management system, etc., so as to seek a breakthrough; On the other hand, we should take the perception of the enterprise in the network as the key judgment, and combine the relevant regulatory systems to compare and verify the publicly disclosed information in the auditee's network with the business system. Relevant violations, handling penalties and superior rectification requirements can be included in the audit focus, so as to further improve the sensitivity of the audit to capture information.
(3) Remote audit preparation procedure
First, prepare a list of data requirements. Collect, summarize and analyze the pre audit investigation data remotely, review and investigate the collected paper and electronic data such as internal management system, important meeting minutes, contracts, etc., and be familiar with the basic information of the auditee's internal organization setting, business process, management system, decision-making method, supervision method, reporting and approval system, etc. The second is to issue questionnaires. Set the survey content and outline as questions or options, and form quantitative indicators in combination with the content to be understood, so as to improve the remote point-to-point work efficiency. Through the statistical analysis of the questionnaire design and results, we can focus on specific issues and comprehensively and objectively understand the possible risk points of the auditee. Third, interview survey. Through remote online video conference and other forms, interview and master the hot and difficult issues concerned by the cadres and employees of the auditee, collect more information in a wider range of personnel, understand the implementation effect of the internal control system of the auditee, and find a breakthrough in key issues. Fourth, carry out pre-trial training. Realize the unification of remote audit information system operation, audit document writing specifications and audit evidence collection standards. At the same time, train auditors to master the contents and requirements of the audit plan, as well as the laws and regulations, financial and accounting systems and industry special provisions implemented by the auditee, and clarify the audit objectives, audit priorities, audit response measures and audit division of labor.
(4) Remote audit implementation process
First, strengthen audit data analysis. Conduct horizontal or vertical comparative analysis of financial operation data such as financial statements and statistical data, consider various connotation relationships reflected in pre audit investigation data, disassemble relevant economic activities, find the change trend of various factors in economic activities, and find the breakthrough point of audit problems and possible clues in combination with abnormal waves. The second is to ensure that the evidence collection basis is sufficient. The auditors shall analyze, summarize and compare the audit evidence collected remotely, eliminate the evidence of duplication, redundancy and insufficient correlation, and prepare an audit evidence collection form based on the verified audit evidence. The time, nature, amount and other information of the problems found in the audit shall be supported by reasonable evidence to pave the way for the follow-up on-site audit. Third, ensure the integrity of audit records. The remote audit needs to objectively describe and record the problems and doubtful points found in the audit in concise and concise words, conduct online detailed communication with the specific handling personnel of the auditee, understand the process and background of the matters, and ensure that the time is clear, the organization is clear, and the basis is sufficient. If the preliminary judgment involves fraud and other sensitive issues, attention shall be paid to the scope of knowledge and communication methods.
4、 Reflections on remote audit
(1) Imperfect system guarantee system
First, the remote audit procedures and standards are not clear enough. At present, in the audit practice, most of the projects are still carried out with the on-site audit mode as the core, and are in the exploratory stage of how to carry out the remote audit, to what extent, what remote risks can be accepted, and what procedures must be implemented. In the audit related laws and regulations, standards, guidelines and other documents, there is no specification on the remote audit procedures and implementation standards, and there is no normative operation guide for the audit data analysis quality, process control and whole process audit evidence collection to implement unified standards. Second, the constraints on the auditee and related personnel are insufficient. Remote audit is still in the development stage in our country, and the overall awareness of remote audit is not enough for both audit units and auditees. Due to the lack of corresponding mechanisms, the cooperation to ensure remote audit is insufficient. For example, the normative constraints have not been realized in terms of the authenticity and integrity of the information content, the time limit for providing the information, the relevance of the cooperation quality and the accountability, which is likely to cause the audit risk caused by the insufficient scope of audit implementation.
(2) High risk of data integration management
First, the risk of data authenticity and integrity. Remote audit is highly dependent on the internal control environmental factors of the auditee. From the perspective of authenticity, there will be repeated or wrong manual entry of data, tampering with the trace of data approval, false filling without actual occurrence, etc; From the perspective of integrity, there may be situations that are not included in the corresponding accounts, the provision of sub sector data is missing, and the non system data is provided after being processed by the auditee. The second is the risk of data interaction interface. Affected by factors such as the difference in informatization degree and weak database connectivity, system information is prone to format conversion errors, failure to extract normally, verification and analysis failures, and unrecognized reading of cross system data when it is imported interactively from the interface, which will have a great impact on the correlation analysis between data, thus affecting the quality of audit verification. Third, data transmission management risk. Although the current network is sufficiently developed, data can be transmitted through wechat, flybook, nailing and other software or e-mail, and the corresponding important documents can be encrypted as required. However, if one party's account is stolen or hacked, it is very likely to cause the risk of disclosure of sensitive information of the auditee.
(3) The implementation effect of some audit methods is poor
The first is observation. Unlike the on-site audit, which can check and identify the original materials repeatedly, it is easy to ignore some details in the process of remote online comparison of materials, and it is extremely difficult to find subtle traces of data tampering. During the face-to-face interview of on-site audit, we can observe the body language and subtle movements of the interviewee, so as to maintain doubt about the authenticity of the reflected information, which is not available in the remote audit. The second is the inquiry method. Interview and inquiry were conducted with relevant personnel of the auditee through remote online video. As the interviewee area was framed, the actual operation of the auditee could not be inferred based on the overall office atmosphere, and the true reflection of the actual personnel size, business operation and financial data could not be verified. If the auditee has a high risk of fraud, it is even impossible to verify whether the identity of the interviewee is true. Third, the inventory method. The remote audit requires the cooperation of the auditee's personnel, especially the operation of video equipment to assist in checking the inventory of assets, inventories, consumables, etc., which is likely to narrow the angle and scope of equipment conversion, or replace the real-time communication with videos or photos taken in advance, unable to identify the overstock of inventory, idle assets, cash receipt, etc., resulting in damage to the audit independence.
(4) Insufficient training of informatization audit talents
First, the professional competence of informatization is low. The vast majority of auditors are from finance related majors, and their ability to deal with problems in information systems is relatively weak. At present, the implementation stage of remote audit only stays in the primary use stage of audit software and financial software, so it is difficult to further collect, mine and analyze data, and can not run through the requirements of the whole process of remote audit, making it difficult to find problem clues hidden in massive data. The second is the lack of systematic training mechanism. The contradiction between the accelerated upgrading of digital audit and the follow-up reserve of audit talents is mainly reflected in the imperfection of the systematic training mechanism, the low participation of auditors in the information system audit training courses, or the theoretical training content and insufficient practical operation, and some front-line personnel who have been immersed in the audit site for many years do not even have the time, opportunity or willingness to participate in the information technology training. Thirdly, auditors are not adaptable enough. During the transformation from on-site audit to remote audit, the daily collective cooperation of project team members has been transformed into the thinking of various sectors in an independent environment, from real-time inquiry of business lines with the auditee to the limited timeliness of remote answers to some problems. Great changes have taken place in observation habits, communication habits, analysis habits, etc., which is very likely to cause insufficient adaptability of work thinking adjustment.
5、 Countermeasures and suggestions of remote audit
(1) Constructing the guarantee system of remote audit system
First, the remote audit system documents were issued to standardize the process of implementation. In the context of auditing in accordance with laws and regulations, it is necessary to standardize the application of information technology in the process of remote audit evidence collection, formulate scientific and systematic operation guidelines, issue guiding practical standards, and specify targeted requirements for the whole process of remote audit plan, implementation scheme, review and test, process records, evidence form, file management, etc. according to the requirements of full audit coverage and the type characteristics of different audit objects, To make up for the institutional gap, improve the digital level of the audit industry, and maximize the effective compliance of the implementation of remote audit. The second is to clarify the guarantee requirements at the implementation level of remote audit. Remote audit has significantly increased the demand for the internal control environment elements of the auditee. The authenticity and integrity of financial account information, internal control documents and key business data are the basis for remote audit analysis. Therefore, it is necessary to establish a corresponding accountability system. When there are signs of tampering or false business in the data provided, and the data provided exceed a certain period of time, which affects the judgment of a specific time point When the data quality fails to meet the remote analysis requirements of auditors, clarify the responsibility handling and punishment measures under corresponding circumstances, prevent the occurrence of prevarication and concealment, improve the cooperation to ensure the effective implementation of remote audit, and reduce audit risks.
(2) Data penetration based on Intelligent audit platform
First, improve the integration of information interaction. For the internal audit work of the company under group control, the top priority to improve the effect and quality of remote audit is to achieve the compatibility and integration of internal systems, through the unified interaction and construction of the audit management system, financial management system (including fund management system), asset management system, human resource management system, business department operating system and other interfaces of the current level and subordinate units, During the remote audit, the remote auditors are open to set the corresponding operation authority, penetrate the data at all levels of the auditee, find the link mechanism through multiple data, realize the remote query and analysis of the data in a full range and in multiple dimensions, and extract sensitive information points from massive data, so as to prevent unauthorized operations and prevent the occurrence of tampering and false events. Second, set the specificity of the data transmission platform. On site audit data are mostly transmitted through physical storage media such as USB flash disk or mobile hard disk. However, due to space constraints, remote audit is only allowed to be transmitted online. In the internal audit work of the group company, data interaction can be realized based on the intelligent audit platform, and the management and operation mechanism of data sharing and exchange can be established and improved. The information technology department builds connections and protects relevant data and information transmission, and strictly avoids the use of non encrypted public networks. At the same time, we set up a highly secure enterprise exclusive mailbox or a group intranet communication plug-in and other media, set up a unified domain name, and the watermark function will be added after individuals log in to the relevant software. In case of data leakage, we can find the relevant handling personnel point-to-point to remind them to pay attention to risk prevention or accountability, which not only prevents the possibility of using wechat, flybook, nail and other general communication software to exchange data leakage, It can also restrict the relevant staff and timely respond to and deal with the risk points.
(3) Promote the idea of "remote + on-site" integration
First, focus on on-site audit confirmation based on remote audit judgment. For the authenticity problem, the remote audit judges whether it is consistent with the actual situation through video software, which needs to be confirmed during the on-site audit. For example, the inventory of cash, assets, inventory and consumables, the internal control of warehousing and warehousing, and whether the signing elements of major contracts are complete. Second, improve on-site audit review in combination with remote audit analysis. For clue problems, the analysis of relevant data and sorting out of matters by remote audit need to be verified in the process of on-site audit in combination with actual data. For example, whether the information on price inquiry and comparison or public bidding and tendering for equipment procurement is complete, whether there are bidding after implementation and illegal bid collusion, whether there are scrapping and write off assets that have not gone through the approval procedures, low-cost disposal, false write off and illegal transfer of state-owned assets. The third is to make up for the lack of remote audit and improve on-site audit. For the problem that the remote audit cannot be carried out, it is necessary to check the relevant original data in the on-site audit stage to ensure the integrity of the audit scope and achieve the role of checking deficiencies and filling gaps, such as the original meeting minutes of the decision-making on "three important and one big" matters, the original confidential materials related to salary or subsidies, financial original vouchers and relevant original bills, so as to reduce the audit risk.
(4) Focus on strengthening the construction of compound talents
First, strengthen the professional capacity-building of data processing. Auditors should change their working habits under the traditional audit ideas, explore and master information-based data analysis and processing methods on the basis of constantly deepening the professional quality of audit, improve the ability to capture audit risk points, and summarize and improve practical experience from different business types. Establish an information-based audit talent echelon, divide the corresponding levels of high, middle and early stages according to the auditors' remote audit experience, and realize the role of "mentoring" in combination with the previous remote audit task experience, so as to ensure the steady improvement of professional quality. The second is to establish a systematic training and assessment mechanism. The unit shall formulate training plans related to information-based audit content, hire professionals to regularly carry out training courses combining theory and Practice for auditors, cultivate auditors' thinking ability on information technology, and improve the vitality of the organization in using network information technology. At the same time, the correlation between data analysis and processing capabilities, technical methods and audit results is included in the performance appraisal, forming a virtuous circle to stimulate the continuous improvement of auditors' informatization level.
6、 Conclusion
To sum up, under the influence of the epidemic, the development of remote audit shows a normalization trend, and it is necessary to continue to explore and summarize the differentiation strategies between remote audit and on-site audit under the traditional mode. This paper puts forward relatively clear countermeasures from the four aspects of system guarantee, data connection, "remote + on-site" integration and talent team construction, laying a foundation for remote audit to optimize ideas, innovate methods, promote performance, improve quality and efficiency in adapting to the changes of audit environment.