By Ryan Godbey, CPA

At a first glance, it’s easy to envision that modern audits are all about cutting-edge data analytics and anomaly detection. But a vast portion of today's internal and external audit work still centers on one thing—meticulously comparing financial data against substantial volumes of source documents. Far from being mere paperwork, these documents are the backbone of the audit, underpinning substantive tests and validating internal controls in rigorous reperformance tests.

Quality audits demand more than routine number crunching—they hinge on the auditor’s ability to engage in deep, thoughtful analysis. Yet, the relentless grind of tracking requests, chasing down missing documents, and reconciling inconsistencies in the “Audit Request” (AR) or “Prepared By Client” (PBC) list process forces auditors into a repetitive, mechanical “assemble” mode. This shift robs them of the mental space needed for that vital “assess” phase, where real insight is forged, thereby ultimately undermining audit quality.

In this article, I will focus on accomplishing three key actions:

1. Explain why auditors still request a high-volume of source documents  

2. Reveal the strain of the PBC process and its impact on audit quality  

3. Provide actionable steps for auditors to improve the process

Why auditors still request a high volume of source documents

First, let’s define the types of documents that auditors request. Some, like account reconciliations, are typically manageable in volume. However, the real challenge arises with source documents—records created by external parties that serve as evidence for amounts recorded in the general ledger. Common examples include bank statements and vendor invoices.

Now let’s move to the circumstances under which source documents are commonly requested by auditors. The most apparent use case is in substantive testing, but their use is less apparent in data & analytics and internal control testing, so let’s delve further:

Data & Analytics: Source documents are often important for validating the reliability of data used in analytics and for investigating anomalies. For example, when analyzing a sales data population, auditors often compare key data elements—such as customer names, transaction amounts, and dates—against source documents to ensure the data’s accuracy.

Internal Control Testing: When it comes to controls, these documents are non-negotiable. If a control requires reconciling to bank statements, you need those statements at hand to verify that the control truly functioned as intended.

It’s important to note that auditing standards (e.g. Global Internal Audit Standards and PCAOB Standards) emphasize auditor responsibility for reliability of information used in audit procedures, requiring it to be complete, accurate, and sufficiently precise.

Now, consider the sheer volume. A modest audit—with 20 individual test procedures, 25 samples per test, and just two documents per sample—forces you to juggle over 1,000 documents. In more complex audits, that number of documents can easily escalate into the tens or even hundreds of thousands.

Strain of the PBC process and its impact on audit quality

Many assume that auditors pull most evidence directly from company systems. In reality, though, the bulk of the evidence comes through painstaking request lists handed off to management—submitted via emails or clunky portals. This isn’t a seamless process; it’s a manual, time-sapping slog for everyone involved.

Auditors already face significant challenges due to the increasing complexity of audits and tight deadlines. Managing the PBC process by tracking thousands of samples, each requiring specific supporting documents, quickly becomes overwhelming. Auditors often spend hours on repetitive, manual tasks like cross-checking whether all requested items have been submitted. This diverts attention from higher-value activities that demand critical thinking and analysis.

The cognitive toll of this workload is particularly concerning. When auditors focus on gathering and organizing data, they operate in the assemble mindset. This mechanical approach leaves little mental capacity for the assess mindset, where auditors carefully analyze information for accuracy. Repetitive tasks lead to mental fatigue, reducing the ability to identify patterns or red flags. For example, an auditor in assemble mode may ensure that all documents are present but miss warning signs, such as transactions exhibiting unusual characteristics.

Constantly flipping between these mental modes is draining—and it raises the risk of errors that could compromise the audit. High-caliber audits demand sustained, focused analysis. When PBC management gobbles up your time and energy, that focus evaporates. The solution? Streamline the process so you can get back to what really matters: delivering incisive, high-quality audits.

Actionable steps for auditors to improve the process

Hopefully by now I’ve convinced even the non-auditors that PBC management is challenging which can lead to significant problems. I have a process that I’ve instilled in my teams over the years, that’s worked well and is now bolstered by advancements in technology. I don’t have a fancy name or acronym for it. My advice - just do it.

‍

Set the Tone:

Audit and management leadership must prioritize the PBC process as essential to audit quality. Steps include:

- Emphasizing mutual accountability for the PBC process.

- Tracking relevant metrics, such as:

- Number of revisions to initial requests.

- Timeliness of PBC issuance and fulfillment.

- Frequency of clarifying comments.

- Establishing improvement goals for these metrics over time.

Get Specific:

Auditors should:

- Clearly define the attributes of each planned audit procedure.

- Identify specific reports, files, and data elements required for testing.

- Map planned audit procedures to corresponding PBC items, ensuring clarity for all team members.

- Collaborate with management to refine requests and agree on due dates.

Leverage Modern Technology:

Modern tools can significantly alleviate the administrative burden of PBC management:

AI-Powered Feedback: Use large language models (LLMs) to evaluate PBC lists for clarity. I recommend the evaluation is performed using a structured prompt with a stated objective of minimizing ‘back and forth’ clarification with management and focuses on a review of specificity, including in file names, types, and dates.  

Advanced PBC Portals that:

- disaggregate requests into granular line items, simplifying document tracking.

- employ AI to verify whether submitted documents meet audit requirements, reducing manual review efforts.

Improve

- Regularly review and refine the PBC process by:

- Analyzing performance metrics.

- Gathering qualitative feedback from both audit and management teams.

- Implementing incremental improvements based on insights.

Final Thoughts  

Effective PBC management isn’t just another box to tick—it’s the bedrock of audit quality. By championing clear communication, harnessing modern technology, and nurturing a culture of continuous improvement, audit teams can free up their mental bandwidth to focus on what truly counts: delivering incisive, high-quality audits.

What's your perspective? Have you grappled with the challenges of managing a mountain of documents? What strategies have you found effective? I’d love to hear your story. Join the conversation in the DataSnipper Community, drop a comment, or send me a direct message.

Follow Ryan Godbey, CPA and DataSnipper on LinkedIn for more insights on governance and technology.  

Ryan Godbey, CPA is a former KPMG US lead Audit Partner of over 20 years and technology-focused leader and problem solver with a track record of driving innovation in accounting and audit. Follow him on LinkedIn for more insights on governance and technology.