Why Audit Analytics Fail

Despite years of Chief Audit Executives stating the data analytics are a necessity for efficient and agile audit, and requiring auditors to have analytic skills, analytics still often fail to deliver. I have often heard. “We didn’t have time to investigate the results of the analytics”, “We didn’t have time to get the data”, “The data doesn’t have integrity”, ”We didn’t understand the results”, “We didn’t know what to recommend…

December 28, 2023

Build it and They (won’t) Come?

Reflecting on 35 years of performing analytics to support internal audit, finance, and fraud detection has led me to a – not so startling – revelation: you can build the best analytics in the world, and they still might not be used by internal audit.  Analytics I have developed, even with significant client input, have not been used or were limited in their use: either time or extent. The question…

September 13, 2023

What is Internal Audit?

When I am asked, “What does an internal auditor do?” my response is usually, “How much time do you have for me to answer that question?”  As a long time internal auditor (35 years), I have often been disappointed by the perception of management (and others) regarding the purpose and value of internal audit. Ask management about internal audit and their response if usually that audit reviews financial statement and…

March 24, 2023

A Lifetime of Analytics

At the end of the year, I tend to reflect back on what I have done or not done.  It occurred to me that 2023 will be my 35th year using ACL Analytics (Galvanize, Diligent) on a daily basis. Throughout the years I have had many failures and successes. I have learned from identifying lessons-learned when things worked and even more importantly when they did not. I also took responsibility…

December 27, 2022

Audit: Developing a Continuous Monitoring Program for use by Management

I was fortunate it my early career by a forward-thinking manager. Back in 1990, my manager allowed me to explore the notion of data analytics to support audit. The manager also had the view that the analytics developed for the audit (e.g., AP analytics) should be handed over to management for their use (e.g., AP manager does continuous monitoring). So, I began my analytics career with the notion that analytics…

October 13, 2022

Better Audit Reports

Here are my top eight best practices for creating better internal audit reports that hit the mark: Audit Objective: ensure that the audit objective addresses the risks to the goals and objectives of the organization.  It should drive the risk identification and assessment; and be a foundation for the audit workplan and the conduct of the audit.  And ultimately, is it the statement upon which the audit concludes. Audit Workplan:…

April 24, 2022

Better Audit Recommendations

Setting the proper objective is critical to delivering on a quality, value-add audit.  It must be strongly linked to the goals and objectives of the entity being audited; drive the risk identification and assessment; and be a foundation for the audit workplan and conduct of the audit.  And ultimately, is it the statement upon which the audit concludes. Yet too many audits have poor objectives. I have performed analysis in…

January 20, 2022

The Why Factor

Too often auditors are satisfied with only finding the problem.  In fact, it is usually only ‘evidence that there is a problem’ and not the actual problem.  At which point their recommendations fall short of providing value and helping management improve controls and reduce risk. These types of audits often look something like this: Objective: Verify compliance with “A” Criterion – you are supposed to do “A” Condition – the…

August 2, 2020

Linking ERM and Performance Measurement – part #2

A proposed integrative model Dave Coderre, CAATS, www.caats.ca  During the strategic planning process senior managers propose goals and objectives for the coming year. ERM should evaluate objectives to ensure that risks have been considered and the chosen objectives are consistent with the entity’s mission. The risks should be analyzed and prioritized and mitigated by an appropriate response that considers the entity’s risk tolerance and risk appetite. The risk appetite will vary depending on…

October 17, 2018

Auditing the Right Things

Is there a mismatch between where internal audit spends its time auditing and the risks that organizations face?  Boards/audit committees should constantly re-evaluate whether internal audit is being used effectively to deliver risk-based assurance.  The fundamental questions for boards/audit committees are: are we doing the right audits; and are we doing audits right. In previous articles I have discussed ‘how to do an audit right’ – namely, the importance of…

September 20, 2018