After years and years of mistakes, missteps, or invalid analysis, I have developed a series of steps that can reduce the likelihood or errors and increase the success of analytics for audit purpose. The first step is to ensure that you understand the goals and objectives of the audit. Then the following steps should be performed: Based upon the audit objectives and risks, and mitigating controls identify analytics that will…
Part #1 looked at why assessing data integrity is an important, value-added activity that supports management decision making. Part #2 examines things you can do to improve the integrity of the data and your analytic results. While I will be looking at data integrity primarily from a data analytics perspective, it is important to recognize that many people play a role in the integrity of data. Ensuring data integrity is…
A common refrain that I hear is, “We can’t rely on the data because it does not have integrity.” This raises a couple of questions in my mind and should in yours as well. First, what is management using to produce its reports and make decisions? Second, how accurate does your data have to be to allow you to perform analytics and arrive at valid recommendations/conclusions. The obvious answer to…
Cost recovery firms make millions of dollars identifying and recovering duplicate payments. They often have well developed analytics that can identify duplicate payments while reducing the number of false positives. You will pay 25-50% but you are getting money back, so it feels like a win-win. However, there are two things to keep in mind: 1) they go after the low hanging fruit and the largest possible duplicates; and 2)…
Here are my top eight best practices for creating better internal audit reports that hit the mark: Audit Objective: ensure that the audit objective addresses the risks to the goals and objectives of the organization. It should drive the risk identification and assessment; and be a foundation for the audit workplan and the conduct of the audit. And ultimately, is it the statement upon which the audit concludes. Audit Workplan:…
This is the seventh in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: recommendation. The focus will be on the use of data analytics to assist you in determining the recommendation. In simple terms, the recommendation is the action that management should take – putting in a control, changing a business process, etc. If the other components of the finding…
This is the sixth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Impact. The focus will be on the use of data analytics to assist you in determining the impact of what was observed (the condition) and to support the recommendation. In simple terms, the impact answers the ‘why should I care.’ What is the impact of controls failing…
This is the fifth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Cause. The focus will be on the use of data analytics to assist you in determining the cause of what was observed (the condition) and to support the development of the recommendation. In simple terms, the cause answers the ‘why.’ Why are controls failing to prevent and/or…
This is the fourth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Condition. The focus will be on the use of data analytics and how the condition supports the development of the recommendation. In simple terms, the condition is “what is.” Typically, the analytics are testing for the existence of something, and the results are the condition. For example,…
This is the third in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Criteria. The focus will be on the use of data analytics and how the criteria play an important role in the development of analytics to support and inform the audit. IIA Standard 2210.A3 states that “adequate criteria are needed to evaluate controls.” Simply put, the audit criteria…