I was fortunate it my early career by a forward-thinking manager. Back in 1990, my manager allowed me to explore the notion of data analytics to support audit. The manager also had the view that the analytics developed for the audit (e.g., AP analytics) should be handed over to management for their use (e.g., AP manager does continuous monitoring). So, I began my analytics career with the notion that analytics…
Too often auditors are satisfied with only finding the problem. In fact, it is usually only ‘evidence that there is a problem’ and not the actual problem. At which point their recommendations fall short of providing value and helping management improve controls and reduce risk. These types of audits often look something like this: Objective: Verify compliance with “A” Criterion – you are supposed to do “A” Condition – the…
COVID hasn’t really changed things for auditors – it has just brought things to the forefront that we should already have been doing. Things like: focusing on key risks to the organization, and embracing and maximizing the use of analytics. This article describes how an audit function can check on the robustness of the internal controls, identify and assess risks, prevent fraud, and provide assurance – remotely – by employing…
It is always important to test controls when systems and/or processes change. Sometimes a current process may have adequate controls, but the new process may not be as secure. Equipment Serial Numbers A large company with several plants purchased expensive, highly specialized, equipment for use in its manufacturing plants. A central purchasing organization made all the purchases and the inventory held until required by a plant. The inventory manager was…
People, even those that perform analytics, often think that data analysis can only be applied to financial-type audits. I have tried to highlight other types of audits where analytics played a significant role including transportation, inventory, and hazardous materials (environmental). In that vein, I offer you analysis that was part of an HR recruitment audit. he organization was an international/national police force. Like many police forces, it needed a fairly…
It was beginning to almost become routine – get data, perform analysis, identify significant results, make recommendations and, often, transfer the analysis jobs to management for continuous monitoring. This doesn’t mean that there were problems: obtaining the data, persuading audit teams to use analysis, and sometimes convincing management to address the control problems. It was a challenge and it kept the job interesting. I was also performing consulting from time…
Second part of article on making IT Audits more effective and value-added …. The next area that will need to be address by CAEs is ensuring that risk-based audit plans are relevant and that selected audits provide maximum value to senior management. Today’s business environment changes rapidly to adjust to market conditions, evolving legislation and economic forces; and the risk-based audit plan must keep pace with this rapid change if…
Many audit shops rely on IT auditors to support their use of data analytics; however, the IT audits typically focus on general and application controls. Around this time I wrote an article for the EDPACS magazine which encouraged IT auditors to look beyond the black box – to look at how IT supports, drives, and impact business processes. I have included below. IT Auditors need to come out of the…
This was another exciting year for me. First, in 1999, I had decided to take a year off without pay and do some sub-contracting for ACL (I forgot to mention this in 1999 post). It gave me the opportunity to really expand my analysis skills. Also, I worked on the development of DirectLink for SAP which really forced me to develop a better understanding of SAP – something that has…
Analysis had proven to be successful in not only supporting the conduct phase of internal auditors but also during the planning phase. More and more we were being asked by audit teams to perform analytics to support the development of the audit scope and objectives. However, there were still team leaders that avoided the use of analytics. “Analytics won’t be of any use in this audit” was still a familiar…