Unicorns and the Case for Analytics

It feels odd to have to continue to justify the need for and use of analytics.  What can I add that has not already been stated many times over the past 20-30 years?  Studies since the early 1990’s have pointed to the need for businesses and auditors to embrace the use of analytics.  More recently, Deloitte’s 2021 Global Risk Management Study1 recognizes the potential for digital risk management technology to…

April 27, 2021
Read More >>

More than Controls

When I tell people that I am an internal audit, three things happen: first I must explain that I am not from the IRS and will not be auditing their taxes.  The second, I must tell them that I do not just focus on financial statements, or fraud, but conduct many types of audits.  This often leads to the third comment, perhaps in jest, “So, you are just interested in…

April 14, 2021
Read More >>

The Why Factor

Too often auditors are satisfied with only finding the problem.  In fact, it is usually only ‘evidence that there is a problem’ and not the actual problem.  At which point their recommendations fall short of providing value and helping management improve controls and reduce risk. These types of audits often look something like this: Objective: Verify compliance with “A” Criterion – you are supposed to do “A” Condition – the…

August 2, 2020
Read More >>

37-Point Check-up for your ERP

COVID hasn’t really changed things for auditors – it has just brought things to the forefront that we should already have been doing.  Things like: focusing on key risks to the organization, and embracing and maximizing the use of analytics.  This article describes how an audit function can check on the robustness of the internal controls, identify and assess risks, prevent fraud, and provide assurance – remotely – by employing…

July 17, 2020
Read More >>

Analytics to support risk-based audit plan (RBAP)

The Risk-Base Audit Plan (RBAP) is an important output of Internal Audit.   Not only is it a requirement of the IIA standards, but it also focuses audit on the most significant risks affecting the organization.  In addition, it gives the Chief Audit Executives (CAEs) everything they needed to determine which audits will be performed and when; and to identify the required audit resources. However, developing a robust RBAP is not…

January 3, 2020
Read More >>

See Visualizations

Dave Coderre, RiverAA I have been performing analytics for more than 30 years and I am not sure if it was simply a case of “hard to teach an old dog new tricks” or what, but I never really saw the point of visualizing the results.  If I run an Accounts Payable duplicates test and identify $500K in duplicates and can tell you that it is because of three main…

October 6, 2019
Read More >>

Risk, Controls, Entropy, Black Swans, Analytics and RPA

For years I have been thinking about Risk, Controls, Black Swans and Entropy; and more recently about Analytics and RPA.  Only recently did I understand how these are all connected and impact large and small organizations – particularly in activities that are high-risk and strictly controlled.  Sadly, these tightly controlled areas are often overlooked until it is too late.  Which bring us to Risk and Controls. Risk and Controls:  Business…

August 23, 2019
Read More >>

The Death of Continuous Auditing – part 2

I purposely made the first title more dramatic than needed to make people understand that Continuous Auditing needs to be looked at from a different perspective.  In fact, it is the original perspective – Risk and Controls – the needs to be adopted.  Unfortunately, the concept of Continuous Auditing transformed into “data analysis” which often resulted in auditors simply reporting errors and exceptions and not tying these back to the…

February 25, 2019
Read More >>

The Death of Continuous Auditing

As the principle author of the Institute of Internal Auditors (IIA) Global Technology Audit Guide (GTAG) on Continuous Auditing (GTAG#3), I hope that you will grant me the prerogative to state that “Continuous Auditing is Dead”.   Continuous Auditing – a misnomer as it should have been called ‘Continual’ Auditing – was never fully understood or accepted by auditors or by audit clients.  The idea behind Continuous Auditing was to improve…

February 6, 2019
Read More >>

Identifying Potential Duplicates

The identification of duplicates ultimately comes down to finding a balance between the False Positives, False Negatives and True Duplicates.  This article discusses various approaches to reducing the number of False Positive and False Negatives – making the duplicate results more reliable. The concept of identifying duplicates is fairly simple: do two records have the same values?  If yes, then they are duplicates.  However when dealing with names and addresses…

January 4, 2019
Read More >>