Risk Assessment

Year 18 – 2005 – Quantitative Indicators of Risk – part 2

This is Part2 of an article on developing quantitative indicators of risk to support the annual risk-based audit planning process. Part1 presented the concept that risk (Probability and Impact) can be measured quantitatively by looking at Complexity and Change (which increase the probability) and Materiality or Volume (which increases the impact).  It also encouraged you to look at more than financial risk.  Part 2 presents examples of indicators of risk…

August 8, 2016
0 comment
Read More >>

Year 18 – 2005 – Quantitative Indicators of Risk – part 1

This was my first attempt at identifying risk to support the development of the annual risk-based audit plan (RBAP).  I have been involved in the development of the RBAP – even responsible for it – over the years and always felt that it was more professional opinion than anything else.  Some people built a spreadsheet with weighting factors 1-5 and fooled themselves into believing that there is a logic and…

August 2, 2016
0 comment
Read More >>

Year 12 – 1999 – Part 1 – Data analytics to assess risk

Wow – never realized how much work this would be.  I mean, I am only posting once a week – but it still takes a lot of time.  Not getting many comment, but I hope people are enjoying and learning from the posts.  I had hoped more people would share their experiences so we could learn from each other. I was now interested in expanding my use of data analytics…

May 16, 2016
2 comments
Read More >>

Year 10 – 1997 – The importance of data

Even now, I firmly believe that the potential for the Y2K disaster was real.  The only reason that its effects were minimized was a result of the hundreds of thousands of hours spent checking and rechecking programming code to address the “00” year problem before it occurred. For those of you too young to remember, prior to the year 2000, many databases and applications only used two digits for the…

May 2, 2016
0 comment
Read More >>

Year 9 – 1996 – Promoting CAATTs

I had been writing articles for the Internal Auditor (IIA) and other audit-related magazines for several years now, but I wanted to do more to educate and encourage auditors in the use of analytics.  One day I realized that if I assembled all of my previously published IIA articles, I had about 50% of the content necessary for a book on analytics.  So I started developing an outline and writing…

April 25, 2016
1 comment
Read More >>

Year 8 – 1995 – HR analysis

Our analytics team was running on all cylinders and achieving significant results.  There was not just my opinion, we received an ISACA Award of Excellence at the Info Tech Audit ’95 conference for leadership and contribution to IT Audit Community.  Amazingly, it was a $1,000 cash award.  The team (3 people) went for out for a celebratory dinner and donated the remaining funds to a local charity. By how we…

April 18, 2016
1 comment
Read More >>

Year 7 – 1994 – Transfer of Audit Analysis to Mgt

Having been a member of the IIA since 1990, I always looked forward to the Internal Auditor magazine.  However, it rarely included articles on computer-assisted audit tools and techniques (CAATTs).  I wrote the first of several articles on data analytics “Computer-Assisted Audit Tools and Techniques: The Power of CAATT is turning up the ‘can-do’ potential of some audit shops”.  It was published in February 1993 and, to my knowledge, was…

April 11, 2016
2 comments
Read More >>