I have been using ACL software for more than 25 years – back before the Windows version even existed. It wasn’t the first audit software that I had used, and I was pretty sure it wouldn’t be the last audit software I would use. Previously I had used AutoAudit, Audit Analyzer, Decision Analyzer, IDEA, ReportWriter, Easytrieve and various spreadsheet packages (Mulitplan, Visicalc, and Lotus1-2-3). I told myself that I would…
A common problem that presents itself when doing analysis is the need to extract detail records that match a list of values (criteria) in another file. This can range from simple to more complicated, primarily depending on the nature of the match. The following describes three approaches, based on the objective of the analysis. Simple question: A simple question of this type is where we have a file with detailed…
Studies after study have shown that data analytics is more effective and efficient at detecting risk, and identifying control weaknesses, non-compliance, and inefficient business processes. Chief Audit Executives (CAEs) have repeated stated that data analysis expertise is a much needed skill in internal audit, and IIA surveys of software over the past 10-15 years have rated data extraction, data analysis and analytical software as critical tools for effective audit organizations. …
Even though I am retired, I am still getting to do interesting analysis – perhaps even more so because I get to pick and chose want I want to do. In this case, I was asked to assist with an audit being performed by a municipal audit function. A large city had an internal audit group that was interested in auditing revenue – primarily from property taxes. One of the…
The following posts is part 2 of “Adding Value to Compliance Audits” Given a good understanding of the current level and sources of risk, the next step is to look at the requirement for, and the adequacy and effectiveness of, the control to mitigate the risk. This requires an understanding of the cause and source of the risk and the operation of the control. Is the control still required? Does…
I have been away on vacation and now I have exams to mark and Christmas preparations to finish. So, I must confess that these examples are fillers as I have been too busy to write much else these days. However, I do still feel that they have value. Sometimes fraud is detected through the identification of missing items or transactions; in other cases unexpected transaction are found, highlighting the fraud. …
Hidden Costs The true cost of fraud is more than the total of the financial losses. Stockholder confidence, employee morale and other intangible factors must be added to the monetary losses. Most managers agree with this assessment; however management often encourages fraud by placing unrealistic goals on employees, or by disregarding the rules themselves. Auditors must be aware of the pressures placed upon employees that may lead them to commit…
The company I worked had a fleet of cars that we maintained, and when beyond a certain age, were sold. The analysis below describes an audit that looked at the controls around both of these processes. The new manager of the company garage had only been in charge for a year and was already well respected and well liked. He and his assistant provided quick and efficient maintenance service for…
Imagine my excitement when I had 7 responses to my previous post on Payroll and then my utter disappointment when I found out that all we in Russian and had nothing to do with the content of my blog. This continued for several days and suddenly switched to English posts about Credit Unions. In total I had over 65 spam bot posts including two that wanted to help me monetarize…
Accessing different systems, trying to address auditor requirements, and performing complex analysis – they all present risks. And while I have had a great deal of success, there also have been many mistakes. I once heard it said, “learn from others mistakes – you don’t have enough time to make them all yourself” or something similar. This is why I always try to post a lesson-learned and this post is…