It’s not surprising that Anton Bouwer, Brussels-based consulting manager of ACL Europe, says the collapse of Enron has been good for business. ACL, which started as a small Canadian software house in the 1970s, has become the world’s largest provider of software applications for corporate auditing. Today, ACL’s products are used by internal and external auditors alike, and handle everything from data analysis and compliance monitoring to network security assessment and forensic accounting.

Yet, as Bouwer notes, long before Enron — and other less spectacular corporate nosedives — forced auditors into the spotlight, many of them were already ramping up their use of software tools to help them do their jobs. “Internal auditors are under pressure to play an even greater role in strengthening internal control and governance by providing their companies with wider, deeper data analysis on a regular basis,” observes Bouwer.

This, in turn, has dramatically changed the types of software auditors reach for. “Auditors need to spend quality time on solving exceptions, rather than finding them,” asserts Bouwer, adding that this allows them to go beyond routine policing and take on more value-adding responsibilities, including risk management.

The question is: Do current auditing tools meet the taxing demands of their users? Charles Le Grand, director of technology practices for the Florida-based Institute of Internal Auditors (IIA), an international professional organization, believes they do. As evidence he cites the results of the seventh annual software survey of nearly 600 internal auditors worldwide, which was conducted last summer by Internal Auditor, a magazine published by the IIA. The survey revealed that respondents were generally happy with the quality of the software tools they have at their disposal, particularly applications designed specifically for auditing professionals. These include software from ACL and CaseWare, as well as propietary programs.

The results are not overly surprising. These days, most audit programs are Web-enabled. Hence, auditors can now access, read, analyze and manipulate data files drawn from all sorts of sources, including legacy mainframe systems. They can then present that information in a user-friendly format for workers in other departments. That’s a big time-saver.

What’s more, the latest versions of audit software is a whole lot easier to use then earlier releases. “Ten years ago, using audit software meant a lot of programming,” says Ulrich Hahn, a member of the corporate audit team of Alcatel, the French telecoms-equipment supplier, which has installed ACL’s software across its entire global operation. “Now, you just point and click. The benefit of that cannot be underestimated.”

Vim Vendors

The job of an auditor is getting tougher in at least one respect, however. Software selection is a lot trickier than it used to be. According to the IIA survey, companies often implement a combination of home-grown applications and off-the-shelf packages. Thus, an auditor might use one tool to extract data and another to present the data over the corporate network. Further, an auditor’s toolbox now includes software used by other departments. “Increasingly, auditors are using the same types of tools as IT professionals,” notes Le Grand.

In fact, one of the most striking changes to take place within internal auditing departments is the growing use of applications that fall under the banner of business intelligence. A number of vendors specializing in business intelligence are now pushing their offerings into the auditing arena. The pushers include Business Objects, SAS Institute, Coda, Hyperion, Crystal Decisions, Cognos, and Adaytum.

All of these companies maintain that their products complement those that internal auditors use. “Our products weren’t designed with audit specifically in mind, but the principles are the same — getting the right data in front of the right people at the right time,” says Donald MacCormick, a product manager at Crystal Decisions (formerly Seagate Software), which makes browser-enabled enterprise-reporting products. “It would be a natural thing for an internal auditor to write a report with Crystal and share it over the Web with external auditors.”

Some ERP vendors also see a place for their products in auditing departments. Brian Gregory, a former internal auditor and now a marketing director for Oracle’s E-business unit, trumpets the virtues of Daily Business Close (DBC). Launched in February as a rebranded version of Oracle’s latest E-business suite, DBC lets auditors access up-to-the-minute performance reports from various parts of a company. “It supports the need for companies to monitor adherence to key performance indicators on a regular and, increasingly, real-time, basis,” explains Gregory. “The term ‘dashboard’ is overused, but that’s what it is.”

Despite the growing choice of tools, however, many companies cling to the tried-and-tested. The IIA’s survey found 21 percent of businesses continue to rely on spreadsheet software to extract and analyse data. The comfort factor seems to have much to do with this — along with costs. Indeed, cost is one of the main reasons auditors hang on to their old spreadsheets.

But makers of auditing software contend that any auditor using a spreadsheet is missing a trick. “As with other office suite tools, there’s a tendency to think of spreadsheets as free,” says Pamela Eichhorst, a marketing manager for Hyperion, which specializes in business analysis software. As Eichhorst sees it, companies often underestimate the maintenance cost and training needed with spreadsheets, while overestimating the quality of information found in them. “They just keep rolling it out,” she says.

They also keep rolling out in-house software. The IIA survey revealed that home-grown audit solutions are becoming increasingly popular. In fact, the overall proportion of corporations developing their own programs internally has nearly doubled over the past over the past year or so, notes the IIA.

Non-Stop Audit

This is not to say that audit software, whether off-the-shelf or inernally built, is perfect. Many auditors say it can be difficult keeping current with software upgrades in other departments. Noted the IIA study: “Remarks concerning the audit staff’s ability to ‘effectively audit the auditee’s changing technology environment’ were far more common than those relating to software within the audit department itself.”

Sticker shock is another concern. While the size and scope of internal audit departments can vary enormously, ACL reckons that its large corporate clients — that is, those with 100 or more auditors — invest initially on average of $80,000 in audit technologies, with $20,000 being spent annually for additional tools, consulting and training.

Still, the IIA notes that most of the auditors in its survey said they plan to increase their software usage over the next three to five years. The area that will receive the most investment is data extraction and analysis, along with network security assessment.

That doesn’t surprise Le Grand of the IIA. “Auditors have been using software for data analysis and other sorts of auditing for a long time,” he says. “But now we’re finding that auditors are able to get much closer to the source of a problem and move towards continuous auditing using real-time information.”

And this is just the beginning, he says. He believes demand for timely, accurate data is sure to escalate as other parts of the company begin working in real time. Adds Oracle’s Gregory: “In previous decades, when labor was cheaper, auditors would spend a long time sifting through data. Companies just don’t have that luxury anymore.”