Despite years of Chief Audit Executives stating the data analytics are a necessity for efficient and agile audit, and requiring auditors to have analytic skills, analytics still often fail to deliver. I have often heard. “We didn’t have time to investigate the results of the analytics”, “We didn’t have time to get the data”, “The data doesn’t have integrity”, ”We didn’t understand the results”, “We didn’t know what to recommend…
When I am asked, “What does an internal auditor do?” my response is usually, “How much time do you have for me to answer that question?” As a long time internal auditor (35 years), I have often been disappointed by the perception of management (and others) regarding the purpose and value of internal audit. Ask management about internal audit and their response if usually that audit reviews financial statement and…
Here are my top eight best practices for creating better internal audit reports that hit the mark: Audit Objective: ensure that the audit objective addresses the risks to the goals and objectives of the organization. It should drive the risk identification and assessment; and be a foundation for the audit workplan and the conduct of the audit. And ultimately, is it the statement upon which the audit concludes. Audit Workplan:…
Setting the proper objective is critical to delivering on a quality, value-add audit. It must be strongly linked to the goals and objectives of the entity being audited; drive the risk identification and assessment; and be a foundation for the audit workplan and conduct of the audit. And ultimately, is it the statement upon which the audit concludes. Yet too many audits have poor objectives. I have performed analysis in…
The Risk-Base Audit Plan (RBAP) is an important output of Internal Audit. Not only is it a requirement of the IIA standards, but it also focuses audit on the most significant risks affecting the organization. In addition, it gives the Chief Audit Executives (CAEs) everything they needed to determine which audits will be performed and when; and to identify the required audit resources. However, developing a robust RBAP is not…
What could be worse than not having an analytics capability? Having an analytics capability, but not being sure what to do with it! This means that you have invested in developing analytics to access your business systems, but now are unsure about: Which analytics do I run? How often should I run them? What do the results mean? How do I verify the results? How do I deal with false…
Following on the success achieved by the development of the standard extract of financial data from SAP, I decided to design and develop a standard extract from PeopleSoft – our company used SAP for finances and PeopleSoft for HR and another package for Pay (don’t ask why). For HR data, we really only needed three files to address most of the audit requirements: Person – providing information on the employee…
Imagine my excitement when I had 7 responses to my previous post on Payroll and then my utter disappointment when I found out that all we in Russian and had nothing to do with the content of my blog. This continued for several days and suddenly switched to English posts about Credit Unions. In total I had over 65 spam bot posts including two that wanted to help me monetarize…
Wow – never realized how much work this would be. I mean, I am only posting once a week – but it still takes a lot of time. Not getting many comment, but I hope people are enjoying and learning from the posts. I had hoped more people would share their experiences so we could learn from each other. I was now interested in expanding my use of data analytics…
I had been writing articles for the Internal Auditor (IIA) and other audit-related magazines for several years now, but I wanted to do more to educate and encourage auditors in the use of analytics. One day I realized that if I assembled all of my previously published IIA articles, I had about 50% of the content necessary for a book on analytics. So I started developing an outline and writing…