Why Audit Analytics Fail

Despite years of Chief Audit Executives stating the data analytics are a necessity for efficient and agile audit, and requiring auditors to have analytic skills, analytics still often fail to deliver. I have often heard. “We didn’t have time to investigate the results of the analytics”, “We didn’t have time to get the data”, “The data doesn’t have integrity”, ”We didn’t understand the results”, “We didn’t know what to recommend…

December 28, 2023

Build it and They (won’t) Come?

Reflecting on 35 years of performing analytics to support internal audit, finance, and fraud detection has led me to a – not so startling – revelation: you can build the best analytics in the world, and they still might not be used by internal audit.  Analytics I have developed, even with significant client input, have not been used or were limited in their use: either time or extent. The question…

September 13, 2023

Developing SMART Audit Recommendations

Even if the auditor does a great job of planning, conduct, analysis, and follow-up, the real value of the audit will be absent if the recommendations miss the mark. Audit planning should be focused on two main objectives: identify the risk and design an audit program that will assess the risk.  Risk affects the achievement of organizational goals and objectives.  Capitalizing on positive risks will increase the achievement of these…

May 4, 2023

What is Internal Audit?

When I am asked, “What does an internal auditor do?” my response is usually, “How much time do you have for me to answer that question?”  As a long time internal auditor (35 years), I have often been disappointed by the perception of management (and others) regarding the purpose and value of internal audit. Ask management about internal audit and their response if usually that audit reviews financial statement and…

March 24, 2023

A Lifetime of Analytics

At the end of the year, I tend to reflect back on what I have done or not done.  It occurred to me that 2023 will be my 35th year using ACL Analytics (Galvanize, Diligent) on a daily basis. Throughout the years I have had many failures and successes. I have learned from identifying lessons-learned when things worked and even more importantly when they did not. I also took responsibility…

December 27, 2022

Audit: Developing a Continuous Monitoring Program for use by Management

I was fortunate it my early career by a forward-thinking manager. Back in 1990, my manager allowed me to explore the notion of data analytics to support audit. The manager also had the view that the analytics developed for the audit (e.g., AP analytics) should be handed over to management for their use (e.g., AP manager does continuous monitoring). So, I began my analytics career with the notion that analytics…

October 13, 2022

Generic Approach to Data Analysis for Audit

After years and years of mistakes, missteps, or invalid analysis, I have developed a series of steps that can reduce the likelihood or errors and increase the success of analytics for audit purpose. The first step is to ensure that you understand the goals and objectives of the audit.  Then the following steps should be performed: Based upon the audit objectives and risks, and mitigating controls identify analytics that will…

September 5, 2022

Data Analysis and Data Integrity – part #2

Part #1 looked at why assessing data integrity is an important, value-added activity that supports management decision making.  Part #2 examines things you can do to improve the integrity of the data and your analytic results.  While I will be looking at data integrity primarily from a data analytics perspective, it is important to recognize that many people play a role in the integrity of data.  Ensuring data integrity is…

August 19, 2022

Duplicates Invoices – Root Cause Analysis

Cost recovery firms make millions of dollars identifying and recovering duplicate payments.  They often have well developed analytics that can identify duplicate payments while reducing the number of false positives.  You will pay 25-50% but you are getting money back, so it feels like a win-win.  However, there are two things to keep in mind: 1) they go after the low hanging fruit and the largest possible duplicates; and 2)…

June 10, 2022

Better Audit Reports

Here are my top eight best practices for creating better internal audit reports that hit the mark: Audit Objective: ensure that the audit objective addresses the risks to the goals and objectives of the organization.  It should drive the risk identification and assessment; and be a foundation for the audit workplan and the conduct of the audit.  And ultimately, is it the statement upon which the audit concludes. Audit Workplan:…

April 24, 2022