The Risk-Base Audit Plan (RBAP) is an important output of Internal Audit. Not only is it a requirement of the IIA standards, but it also focuses audit on the most significant risks affecting the organization. In addition, it gives the Chief Audit Executives (CAEs) everything they needed to determine which audits will be performed and when; and to identify the required audit resources. However, developing a robust RBAP is not…
Dave Coderre, RiverAA I have been performing analytics for more than 30 years and I am not sure if it was simply a case of “hard to teach an old dog new tricks” or what, but I never really saw the point of visualizing the results. If I run an Accounts Payable duplicates test and identify $500K in duplicates and can tell you that it is because of three main…
For years I have been thinking about Risk, Controls, Black Swans and Entropy; and more recently about Analytics and RPA. Only recently did I understand how these are all connected and impact large and small organizations – particularly in activities that are high-risk and strictly controlled. Sadly, these tightly controlled areas are often overlooked until it is too late. Which bring us to Risk and Controls. Risk and Controls: Business…
Is there a mismatch between where internal audit spends its time auditing and the risks that organizations face? Boards/audit committees should constantly re-evaluate whether internal audit is being used effectively to deliver risk-based assurance. The fundamental questions for boards/audit committees are: are we doing the right audits; and are we doing audits right. In previous articles I have discussed ‘how to do an audit right’ – namely, the importance of…
In my previous discussion about variables, I neglected to mention ACL system-generated variables. These are more evident now, and can easily be seen by using the Variables tab in the Overview/Navigation window. The most common use of ACL system-generated variables are those created by the STATISTICS commands: MAX1, MIN1, HIGH1, LOW1, AVERAGE1, RANGE1, TOTAL1, COUNT1 and ABS1. These, and other variables, are created by the execution of ACL commands and…
Scripts are a powerful way of improving consistency and speed when processing the same commands over and over again. But they can also be used to provide relatively novice users with the ability to run more complex analysis. By now you may be ready to develop more interactive scripts that you can give to other users. This usually requires prompting the user for input; validating the input; and acting upon…
Not being an expert in pretty much anything has never stopped me from taking ideas from others and adapting them to my needs. Typically, this has meant transferring a theoretical analytic to a specific – practical – use. In this case, I wanted to look at the use of sentiment analysis for fraud risk assessment. As many of you may already know, I use a software package called ACL. I…
What could be worse than not having an analytics capability? Having an analytics capability, but not being sure what to do with it! This means that you have invested in developing analytics to access your business systems, but now are unsure about: Which analytics do I run? How often should I run them? What do the results mean? How do I verify the results? How do I deal with false…
There is a lot of talk about Artificial Intelligent (AI) and unstructured data and how this will identify fraud and make life easier for financial monitoring, internal control and audit. This all sounds great, but we are not even making use of the structured data we have and some basic analysis techniques. How then can we jump to AI and obtain reliable, understandable, actionable results? So, let me give you…
Recently there was a discussion on the ACL peer community between an ACL expert user and myself over when certain commands were included in the basic set of ACL commands (e.g. Cross Tab). I had built a cross tab script before the command existed in ACL, but was wrong on both the date I created the script and when it was included as part of the ACL command set. This…