The Data Analytics Conundrum

Studies after study have shown that data analytics is more effective and efficient at detecting risk, and identifying control weaknesses, non-compliance, and inefficient business processes.  Chief Audit Executives (CAEs) have repeated stated that data analysis expertise is a much needed skill in internal audit, and IIA surveys of software over the past 10-15 years have rated data extraction, data analysis and analytical software as critical tools for effective audit organizations.  …

February 27, 2017

Year 31 – Incomplete Property Tax Data

Even though I am retired, I am still getting to do interesting analysis – perhaps even more so because I get to pick and chose want I want to do.  In this case, I was asked to assist with an audit being performed by a municipal audit function.  A large city had an internal audit group that was interested in auditing revenue – primarily from property taxes.  One of the…

February 13, 2017

Adding Value to Compliance Audits – part2

The following posts is part 2 of “Adding Value to Compliance Audits” Given a good understanding of the current level and sources of risk, the next step is to look at the requirement for, and the adequacy and effectiveness of, the control to mitigate the risk.  This requires an understanding of the cause and source of the risk and the operation of the control.  Is the control still required?  Does…

February 7, 2017

Adding Value to Compliance Audits – part 1

I have often been critical of compliance audits, but I recently realized that it is not the ‘compliance audit’ that bothers me, but the way it is done.  This led me to write the following thoughts. It is difficult to argue that compliance audits are not an important internal audit product.  Done properly, they can protect a company from fines, penalties and even criminal charges.  For example, non- compliance with…

January 27, 2017

Year 30 + P-card fraud

I didn’t realize how quickly it would take to get to 30 years when posting one blog per week for each year (30 weeks).  Even drawing some of the posts out to two weeks didn’t add much.  So now I am posting additional analysis performed over the years.  Another thing I didn’t take into account was that I would continue to perform analysis – even after I retired.  So I…

January 7, 2017

Missing items

I have been away on vacation and now I have exams to mark and Christmas preparations to finish.  So, I must confess that these examples are fillers as I have been too busy to write much else these days.  However, I do still feel that they have value. Sometimes fraud is detected through the identification of missing items or transactions; in other cases unexpected transaction are found, highlighting the fraud. …

December 21, 2016

New System – control weaknesses

It is always important to test controls when systems and/or processes change.  Sometimes a current process may have adequate controls, but the new process may not be as secure. Equipment Serial Numbers A large company with several plants purchased expensive, highly specialized, equipment for use in its manufacturing plants.  A central purchasing organization made all the purchases and the inventory held until required by a plant.  The inventory manager was…

December 7, 2016

Year 29 – 2016 – Fraud

 Hidden Costs The true cost of fraud is more than the total of the financial losses.  Stockholder confidence, employee morale and other intangible factors must be added to the monetary losses.  Most managers agree with this assessment; however management often encourages fraud by placing unrealistic goals on employees, or by disregarding the rules themselves.  Auditors must be aware of the pressures placed upon employees that may lead them to commit…

November 28, 2016

Year 28 – 2015 – Fraud Risk Management Guidance

COSO had released an update to COSO-ERM which included Principle #8 (“The organization considers the potential for fraud in assessing risks to the achievement of objectives.”) related to fraud risk.  David Cotton (Cotton and Company LLP) put together a team of experts to develop guidance on how the audit profession and management could address the requirements of principle #8 and I was fortunate enough to be invited to be part…

November 21, 2016

Year 27 – 2014 – Car Maintenance – Part 2

Part2 – the audit had entered an investigative type phase looking into probable fraud.  As a result, the team leader developed a fraud analysis plan.  The plan outlined on the Who, What, How and Why and focused on analytics to look at the symptoms of fraud in the data.  Who could take advantage of the control weaknesses; what could they manipulate or control and what would it look like in…

November 14, 2016