This is the next post in a series that discusses the importance of having a proper audit objective, defining the business goals and objectives, and the risks to the achievement of those objectives. This article will discuss the identification and assessment of risk. The next series of articles will look at the audit finding statement: Criteria, Condition, Cause, Impact and Recommendation. The focus will be on the use of data…
It feels odd to have to continue to justify the need for and use of analytics. What can I add that has not already been stated many times over the past 20-30 years? Studies since the early 1990’s have pointed to the need for businesses and auditors to embrace the use of analytics. More recently, Deloitte’s 2021 Global Risk Management Study1 recognizes the potential for digital risk management technology to…
It is hard to perform analytics if you don’t know what data to get. Here are two simple approaches I developed that will help you. www.caats.ca The American Certified Fraud Examiners (ACFE) Report to the Nations 2018 states that proactive data analytics can reduce losses by 52% and the duration of frauds by 58%. And still many organizations do not use analytics to prevent or detect fraud. The question is…
Not being an expert in pretty much anything has never stopped me from taking ideas from others and adapting them to my needs. Typically, this has meant transferring a theoretical analytic to a specific – practical – use. In this case, I wanted to look at the use of sentiment analysis for fraud risk assessment. As many of you may already know, I use a software package called ACL. I…
There is a lot of talk about Artificial Intelligent (AI) and unstructured data and how this will identify fraud and make life easier for financial monitoring, internal control and audit. This all sounds great, but we are not even making use of the structured data we have and some basic analysis techniques. How then can we jump to AI and obtain reliable, understandable, actionable results? So, let me give you…
Sometimes even the simplest analytics are extremely useful. They often tell you what is happening in the detailed transactions without you having to make assumptions about the data. STATISTICS is one of those commands: with a couple clicks of the mouse you can get: Min and Max Highest and Lowest ‘X’ values Number of Positive, Negative and Zero valued transactions Average Median, Mode and Q25 and Q75 But like any…
I have been away on vacation and now I have exams to mark and Christmas preparations to finish. So, I must confess that these examples are fillers as I have been too busy to write much else these days. However, I do still feel that they have value. Sometimes fraud is detected through the identification of missing items or transactions; in other cases unexpected transaction are found, highlighting the fraud. …
It is always important to test controls when systems and/or processes change. Sometimes a current process may have adequate controls, but the new process may not be as secure. Equipment Serial Numbers A large company with several plants purchased expensive, highly specialized, equipment for use in its manufacturing plants. A central purchasing organization made all the purchases and the inventory held until required by a plant. The inventory manager was…
Hidden Costs The true cost of fraud is more than the total of the financial losses. Stockholder confidence, employee morale and other intangible factors must be added to the monetary losses. Most managers agree with this assessment; however management often encourages fraud by placing unrealistic goals on employees, or by disregarding the rules themselves. Auditors must be aware of the pressures placed upon employees that may lead them to commit…
COSO had released an update to COSO-ERM which included Principle #8 (“The organization considers the potential for fraud in assessing risks to the achievement of objectives.”) related to fraud risk. David Cotton (Cotton and Company LLP) put together a team of experts to develop guidance on how the audit profession and management could address the requirements of principle #8 and I was fortunate enough to be invited to be part…