Improving audit risk assessments with AI-driven analysis of Accounts Receivable and Accounts Payable subledger data

Improving audit risk assessment longterm


The cornerstone of well-planned and high-quality audit engagements is a robust risk assessment process. Such a process is critical to identifying risks of material misstatement and their relative significance by providing a fulsome understanding of the entity subject to audit and the environment in which it operates.

The nature and extent of these audit risk assessment procedures will certainly differ from engagement to engagement, reflecting different types of operations, industries, and financial reporting complexities, however preliminary analytical review procedures are a common thread across all audits as a requisite component of the risk assessment process.

Traditional preliminary analytical review procedures

Practically speaking, preliminary analytical review procedures could include any combination of the following (not exhaustive):

  • Comparing actual financial performance to historical trends and balances
  • Reviewing actual financial performance (ratios, key financial metrics) against industry benchmarks
  • Reviewing actual financial performance compared to management forecasts and/or budgets
  • Performing inquiry of management to ascertain operational drivers for certain trends and patterns in the year-over-year results (i.e., “what’s changed?”)
  • Examining any material new contractual agreements executed in the period (leases, customer contracts, debt agreements, etc.)

Traditionally, these types of analytical review procedures take place at the level of how the financial statements aggregate the data by account or class of transactions, or perhaps at more granular levels of the chart of accounts. For example, you may compare how gross margin in the current period compares to historical periods or how increases in inventory year-over-year tracks with corresponding movement in the cost of sales accounts. In any case, it is ultimately the general ledger trial balance data and activity detail that underpins this type of review.

With a view towards a robust risk assessment process and obtaining a deep and operationally relevant understanding of your client’s business environment and financial performance, analysis and interrogation of the AR and AP subledger data as a complement to the traditional preliminary analytical review procedures at the financial statement level could be a source of highly valuable context to the results and empower you to conduct a more focused inquiry of your client’s management.

Accounts Receivable & Accounts Payable as critical inputs to audit risk assessment

Visualizing and interrogating subledger data can provide high-value insights and expose “root causes” behind some of the general ledger variances and patterns identified as part of your traditional preliminary analytical review procedures. This empowers you to better pinpoint an assessed risk and tailor your testing approach to most efficiently respond to that assessed risk.

Some examples of how to best leverage subledger information include:

Understanding how certain vendor and customer aged balances trend throughout the year

The aggregate total values of AR and AP at balance sheet dates might be relatively consistent year-over-year but there may be cause for further investigation and inquiry if, for example, the monthly ending balances demonstrate significant volatility throughout the year or seem out of pace with corresponding monthly sales or purchasing trends.

Understanding operational key performance indicators for customer and vendor “health”, and tracking those over the audit period

Tracking basic operational metrics like Days Outstanding and Turnover ratios, for specific vendors, customers, and in total, provides a lens of relative customer “quality” or vendor settlement patterns that may allow for risk to be identified more granularly. Comparing these ratios for a particular customer against the “aggregate” value allows you to identify specific customers or vendors that lag the overall average and therefore may indicate an existence or valuation risk around those balances or underlying contracts.

Expose the nature and volume of transactions on credit with related-party customers and vendors

Reviewing the subledger detail for transactions with all related entities is information that may not be readily available on the surface of the general ledger data and the relative dollar volume and activity of these transactions could be relevant to how risk is assessed around the accuracy, valuation, and presentation assertions.

Surface invoices or other records in the subledger (debit or credit memos, unapplied payments, etc.) that may be significantly aged

Isolating items in the subledgers that are significantly aged may tie directly to the risk around valuation and existence of these items specifically. Under a more nuanced lens, the existence of these types of stale records (or lack thereof) may be a relevant consideration to corroborating your understanding of the controls framework and how closely the subledgers are being reconciled and actively maintained.

Evaluate the volume and frequency of transactions at the level of a specific customer or vendor to corroborate inquiry of management and your understanding of the entity

Understanding basic data points around volume and frequency of transactions with a particular customer or vendor may help corroborate information learned from inquiry or your knowledge. For example, reviewing transactions with the entity’s landlord to confirm that 12 monthly equal rent payments were posted. Scanning this type of activity (either manually or with automated techniques) can surface invoices or payments for amounts that are potentially unusual for a certain customer or vendor and therefore perhaps may be indicative of risk.

Review for the volume and frequency of manual adjustments directly to the subledger detail

Manual adjustments or entries directly to the subledger, i.e., entries that don’t have a commercial document of record (invoice, cheque, credit memo, etc.) associated to them, may indicate fact patterns or internal processes that warrant further consideration from an audit perspective.

Perform basic statistical and rules-based tests and interrogate the subledger data to inform risk assessment

Certain procedures around data quality that are traditionally associated with journal entry testing, such as the following, may be very relevant to the subledger information. This includes any “hits” that would be relevant to deepen your understanding of your client’s accounting system and internal control framework and also advise the severity of assessed risk:

  • Reviewing descriptions for suspicious keywords
  • Duplicate document IDs
  • Two-digit Benford analysis
  • Other rules-based tests

How MindBridge automates and streamlines AR & AP subledger analysis

MindBridge Ai Auditor has dedicated AR and AP modules that automatically analyze the subledger data and, without any scripting, provide high-value visualizations of the data and transaction-level analysis. These capabilities empower you to leverage subledger-level insights and anomalies as critical inputs to the audit risk assessment process.

Trends and patterns

Ai Auditor provides the ability to visualize how monthly AR and AP balances or net monthly activity tracks over multiple years, at the customer and vendor level and also in aggregate. The visualization is customizable and provides the ability to compare certain customer or vendor trend lines against each other and identify patterns of deviation.

Vendors and customers who are related parties to the entity subject to audit are flagged directly in the summary detail to identify for specific review. 

internal audit tools

Key performance indicators

Days Outstanding and Turnover ratios are calculated at the customer and vendor level and visualized on a monthly basis, allowing you to identify where there are periods of potential distress or deteriorating quality. Similar to the ending balances and activity, you are also able to customize the visualization and compare certain customers or vendors against each other along the lines of these metrics to expose patterns of interest.

internal audit results

Ai Auditor also automatically identifies any new customers or vendors in the audit period, allowing you to identify the related volume of sales or purchasing growth specific to these entities.


Aging at the customer and vendor level is automatically calculated and captured across respective buckets of days outstanding (0-30 days, 31-60 days, etc.). For certain entries that are significantly aged or stale, you’re able to drill-in to all the transactions with a particular customer or vendor and ascertain which invoice(s) are contributing to those totals.

internal audit and governance

Data interrogation and risk

Navigating and querying the transactional level data via the Data Table in Ai Auditor provides a powerful and effective way to explore and validate the subledger activity. The Filter Builder functionality allows for multiple conditions to be placed on a query, using any element of the transactional record (date, amount, user, entry type, etc.). This allows you to build and save functions that allow you to get a sense of the type, frequency, and volume of transactions with certain vendors or customers.

reasonable assurance audit

Control Points, which are various statistical, rules-based, and machine learning tests, are run against every transaction and the results are summarized on a dashboard that supports interactions like filtering and drill-through.

corporate internal auditor

Combining the query building capabilities of the Data Table with the feature of every transaction being scored against the various Control Point tests, you are empowered to identify relevant populations for sampling and have selections automatically identified on a risk-stratified basis. Approaching the sampling process through the lens of transactional risk ensures that you’re focusing your audit procedures around the entries which appear anomalous.

Take the first step towards unlocking critical subledger-level insights for risk assessment

To learn more about Ai Auditor and subledger analyses, contact