The Why Factor

Too often auditors are satisfied with only finding the problem.  In fact, it is usually only ‘evidence that there is a problem’ and not the actual problem.  At which point their recommendations fall short of providing value and helping management improve controls and reduce risk. These types of audits often look something like this: Objective: Verify compliance with “A” Criterion – you are supposed to do “A” Condition – the…

August 2, 2020
Read More >>

37-Point Check-up for your ERP

COVID hasn’t really changed things for auditors – it has just brought things to the forefront that we should already have been doing.  Things like: focusing on key risks to the organization, and embracing and maximizing the use of analytics.  This article describes how an audit function can check on the robustness of the internal controls, identify and assess risks, prevent fraud, and provide assurance – remotely – by employing…

July 17, 2020
Read More >>

New System – control weaknesses

It is always important to test controls when systems and/or processes change.  Sometimes a current process may have adequate controls, but the new process may not be as secure. Equipment Serial Numbers A large company with several plants purchased expensive, highly specialized, equipment for use in its manufacturing plants.  A central purchasing organization made all the purchases and the inventory held until required by a plant.  The inventory manager was…

December 7, 2016
Read More >>

Year 16 – 2003 – Recruitment Process

People, even those that perform analytics, often think that data analysis can only be applied to financial-type audits.  I have tried to highlight other types of audits where analytics played a significant role including transportation, inventory, and hazardous materials (environmental).   In that vein, I offer you analysis that was part of an HR recruitment audit. he organization was an international/national police force.  Like many police forces, it needed a fairly…

July 11, 2016
Read More >>

Year 16 – 2003 – Accounts Receivable

It was beginning to almost become routine – get data, perform analysis, identify significant results, make recommendations and, often, transfer the analysis jobs to management for continuous monitoring.  This doesn’t mean that there were problems: obtaining the data, persuading audit teams to use analysis, and sometimes convincing management to address the control problems.  It was a challenge and it kept the job interesting. I was also performing consulting from time…

July 4, 2016
Read More >>

Year 15 – 2002 – Part 2 – IT Audit

Second part of article on making IT Audits more effective and value-added …. The next area that will need to be address by CAEs is ensuring that risk-based audit plans are relevant and that selected audits provide maximum value to senior management.  Today’s business environment changes rapidly to adjust to market conditions, evolving legislation and economic forces; and the risk-based audit plan must keep pace with this rapid change if…

June 27, 2016
Read More >>

Year 15 – 2002 – Part 1 – IT Audit

Many audit shops rely on IT auditors to support their use of data analytics; however, the IT audits typically focus on general and application controls.  Around this time I wrote an article for the EDPACS magazine which encouraged IT auditors to look beyond the black box – to look at how IT supports, drives, and impact business processes.  I have included below. IT Auditors need to come out of the…

June 20, 2016
Read More >>

Year 13 – 2000 – Back to Work after a Year of Consulting

This was another exciting year for me.  First, in 1999, I had decided to take a year off without pay and do some sub-contracting for ACL (I forgot to mention this in 1999 post).   It gave me the opportunity to really expand my analysis skills.  Also, I worked on the development of DirectLink for SAP which really forced me to develop a better understanding of SAP – something that has…

May 30, 2016
Read More >>

Year 6 – 1993 – Promoting Analytics

Analysis had proven to be successful in not only supporting the conduct phase of internal auditors but also during the planning phase. More and more we were being asked by audit teams to perform analytics to support the development of the audit scope and objectives. However, there were still team leaders that avoided the use of analytics.  “Analytics won’t be of any use in this audit” was still a familiar…

April 4, 2016
Read More >>

Year 4 – 1991 – Up and running

By 1991 the idea of using data analytics to support internal audit was firmly in place in the organization.  I was producing monthly reports which described how analytics was used by various audit teams to improve efficiency, to expand the scope, to arrive at better findings and to fully test controls (i.e. not using samples).   The analytics team (still only two people) had developed CAATTs (Computer-Assisted Audit Tools and Techniques)…

March 22, 2016
Read More >>