Audit Finding Attribute: Impact

This is the sixth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Impact. The focus will be on the use of data analytics to assist you in determining the impact of what was observed (the condition) and to support the recommendation. In simple terms, the impact answers the ‘why should I care.’  What is the impact of controls failing…

March 21, 2022
Read More >>

Audit Finding Attribute: Cause

This is the fifth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Cause. The focus will be on the use of data analytics to assist you in determining the cause of what was observed (the condition) and to support the development of the recommendation. In simple terms, the cause answers the ‘why.’  Why are controls failing to prevent and/or…

March 9, 2022
Read More >>

Audit Finding Attribute: Condition

This is the fourth in a series of articles on data analytics and internal audit. This article looks at the audit finding statement: Condition. The focus will be on the use of data analytics and how the condition supports the development of the recommendation. In simple terms, the condition is “what is.” Typically, the analytics are testing for the existence of something, and the results are the condition. For example,…

February 28, 2022
Read More >>

Data Analytics and Internal Audit

This is the next post in a series that discusses the importance of having a proper audit objective, defining the business goals and objectives, and the risks to the achievement of those objectives.  This article will discuss the identification and assessment of risk.  The next series of articles will look at the audit finding statement: Criteria, Condition, Cause, Impact and Recommendation.  The focus will be on the use of data…

February 16, 2022
Read More >>

SOX Cost Reductions through Data Analytics

According to the Protiviti report, ‘SOX Compliance and the Promise of Technology and Automation1’ SOX compliance costs have shown year-over-year increases but are starting to level off.  It also states that organizations are beginning to make greater use of technology and automation to support the compliance process.  However, implementing automation in the SOX compliance process is difficult for many organizations.  Understanding and defining requirements, getting stakeholder buy-in, and the investment…

July 5, 2021
Read More >>

Unicorns and the Case for Analytics

It feels odd to have to continue to justify the need for and use of analytics.  What can I add that has not already been stated many times over the past 20-30 years?  Studies since the early 1990’s have pointed to the need for businesses and auditors to embrace the use of analytics.  More recently, Deloitte’s 2021 Global Risk Management Study1 recognizes the potential for digital risk management technology to…

April 27, 2021
Read More >>

37-Point Check-up for your ERP

COVID hasn’t really changed things for auditors – it has just brought things to the forefront that we should already have been doing.  Things like: focusing on key risks to the organization, and embracing and maximizing the use of analytics.  This article describes how an audit function can check on the robustness of the internal controls, identify and assess risks, prevent fraud, and provide assurance – remotely – by employing…

July 17, 2020
Read More >>

Risk, Controls, Entropy, Black Swans, Analytics and RPA

For years I have been thinking about Risk, Controls, Black Swans and Entropy; and more recently about Analytics and RPA.  Only recently did I understand how these are all connected and impact large and small organizations – particularly in activities that are high-risk and strictly controlled.  Sadly, these tightly controlled areas are often overlooked until it is too late.  Which bring us to Risk and Controls. Risk and Controls:  Business…

August 23, 2019
Read More >>

CEOs Need to Wake up to the Strategic Importance of GRC

GRC: Governance, Risk and Compliance (or, in my view, Controls) is critical to companies that want to remain viable.  A company’s GRC activities should be not just coordinated, but also integrated to provide all levels of management with a view into changing risks and risk levels.   If you do not have structures and procedures in place to monitor, identify and assess these risks you are less likely to succeed.  Want…

November 27, 2018
Read More >>

Year 26 – 2013 – Payroll

 I haven’t looked at payroll very often; at least not as often as I think I should or would have liked.  Payroll can be a significant cost to an organization – easily representing 50% of a company’s total expenditures in some industries – but senior management seems to think that the controls over payroll are good and therefore it is low risk.   This belief is often transferred to audit even…

October 31, 2016
Read More >>