10 Essential keys to get the most out of audit data analytics. Part ІІ

In a previous article, we examined the first 5 basic tips that lead to the successful implementation of audit data analysis. In executing the audit, data analytics can allow Internal Audit to monitor continuous controls, spot signs of fraud more readily, and identify and anticipate future risks. Data analytics can also provide better reporting on risk quantification, exception management, and root cause investigations so that businesses are better equipped to mitigate risks or eliminate the possibility of breaches altogether.

Consider the following 5 key areas:

6. Ensure access to quality data

Your team’s access to complete and accurate data is paramount. This is what allows you to conduct in-depth analysis of the business processes within your scope. However, this is often the most difficult barrier to overcome when implementing data analytics.

The hard work is on the front line – identifying data, ensuring accuracy, completeness and accessibility, and standardizing it as needed. However, once this is done, auditors can run analytical procedures in real time when needed and proactively identify problems or confirm their absence.

Leading internal audit departments often start with one business process (such as procurement) and work with IT to understand the data. They use business intelligence tools, data warehouses, and other tools already used in other parts of the business to continually deliver data to internal audit.

7. Take the initiative on continuous auditing & monitoring

Through continuous auditing and monitoring, Internal Audit — traditionally the third line of defense — steps forward to serve in the first line. Rather than identify issues after the fact, the function identifies issues in real time and many of the greatest risks to the organization are actively monitored and addressed before becoming a more serious threat. Best-in-class Internal Audit groups are providing a valuable strategic service to their organizations by performing such activities in operational processes, fraud indicators, and the information used for strategic decision-making. Through these and other activities, Internal Audit should work collaboratively with stakeholders in designing and deploying continuous auditing tools, as well as in identifying what data should be monitored. Other groups, functions and lines of business can provide valuable insights on where the audit effort should be focused and how best to build or customize tools to monitor risks most effectively.

8. Prepare your team

Some are concerned about job losses in internal audit as a result of new technology tools (automation) and the specialists needed to support them. 

Rest assured, the internal auditor’s role is secure. There is no substitute for their experience and judgment, nor is there ever likely to be.  

That said, auditors must have a solid understanding of data and a capacity for critical thought. They need to be able to grasp new business processes quickly and use data analytics to create procedures to address the risks they’ve identified. And they must be trained in analytics tools and software. Best-in-class internal audit groups have different approaches to building an analytics-ready internal audit team and incorporating needed specialists. But every auditor on the team should have enough expertise in data analytics to carry out basic data analytic tasks independently for each audit. 

 

9. Focus on Essentials

In Tip 7, we highlighted the value of continuous auditing in actively monitoring the greatest risks to the organization and addressing issues early.

The following are among other valuable applications for data analytics: 

  • Data Mining – Data mining can be used to understand processes more deeply, with greater objectivity, and earlier in the audit cycle. Traditional approaches to process reviews include rule-based data analytics, process flowcharts, interviews, screening narratives and process walkthroughs. These approaches, however, can be unreliable or manually intensive, or both. Data mining can reveal a more complete picture of how processes are transacted. Organizational data, for instance, can be leveraged to generate visual representations of business processes that internal auditors can then use in identifying risk, control weaknesses and inefficiencies.
  • Advanced analytics and comprehensive data analyses – By using data to assess risk, auditors can perform their work, including risk thresholds, full samples and data-driven flow charting, more effectively.
  • Automated processes – Freed from manual tasks, teams can focus on areas requiring significant judgment.
  • Machine learning and artificial intelligence – Complex testing can be done both more effectively and efficiently with these tools. As well, complex analysis can be performed in real-time. 

Other groups, functions and lines of business can provide valuable insights on where the audit effort should be focused and how best to build or customize tools to monitor risks most effectively.

10. Reporting

Reporting — the task of communicating audit conclusions, any issues and remedial measures to stakeholders — is fundamental to every internal auditor’s job description. With data analytics, however, reporting plays the secondary role of communicating the benefits of continued investments in tools, training and resources for data analytics itself.

Leading internal audit groups garner increased budgets and resources for data analytics by building a strong business case for them, often based on tangible proofs of success. CAE’s should look for any possible ways of measuring and reporting the success of the group’s work with data analytics. As with the audit conclusions themselves, this is a story best told through numbers. Auditors still do a great deal of writing. More and more, however, they’re turning to visual audit reports tools to convey their messages in ways that are simple, direct and likely to be understood and acted upon. Dashboard visualization tools can be used at any stage of the audit methodology to, for example, to identify the highest risk areas during scoping, to perform drill-down analysis during fieldwork, and to express value-added insights and recommendations when reporting.

Data analytics has the potential to transform Internal Audit and promote the function to a senior strategic role in the organization. CAEs, however, must take pains to ensure that implementation is done in a measured, deliberate and well-planned manner, supported by the right technology tools, personnel and training.

If you are just starting out and taking the first steps towards auditing transformation, it’s time to use modern data analysis tools, one of which is CaseWare IDEA.

 

To learn more about our products and order a FREE demo version,

you can contact our specialists:

+38 (097) 007 05 51

v.totskiy@caseware.com.ua