Analytics – Pet Peeves

As a promoter of data analysis for fraud, internal controls, and audit for more than 30 years, I am often asked, “Which software tools or application should I use?”  While I have packages that I have used for 30+ years, and am a co-founder of an data analytics service provider (WWW.CTRLmatters.Com) , I hesitate to answer the question.  The capabilities and robustness of data analytics are changing very quickly, and…

January 29, 2022

Better Audit Recommendations

Setting the proper objective is critical to delivering on a quality, value-add audit.  It must be strongly linked to the goals and objectives of the entity being audited; drive the risk identification and assessment; and be a foundation for the audit workplan and conduct of the audit.  And ultimately, is it the statement upon which the audit concludes. Yet too many audits have poor objectives. I have performed analysis in…

January 20, 2022

My Analytics Journey

Dave Coderre, Co-Founder CTRLmatters It occurred to me today that I have been performing internal audits and reviews for more than half my life.  Throughout the years I had had many failures and successes.  I have learned from both by identifying lessons-learned when things worked and even more importantly when they didn’t.  I also took responsibility for my failures and shared my successes with the auditors on my teams. In…

November 4, 2021

More than Controls

When I tell people that I am an internal audit, three things happen: first I must explain that I am not from the IRS and will not be auditing their taxes.  The second, I must tell them that I do not just focus on financial statements, or fraud, but conduct many types of audits.  This often leads to the third comment, perhaps in jest, “So, you are just interested in…

April 14, 2021

Risk, Controls, Entropy, Black Swans, Analytics and RPA

For years I have been thinking about Risk, Controls, Black Swans and Entropy; and more recently about Analytics and RPA.  Only recently did I understand how these are all connected and impact large and small organizations – particularly in activities that are high-risk and strictly controlled.  Sadly, these tightly controlled areas are often overlooked until it is too late.  Which bring us to Risk and Controls. Risk and Controls:  Business…

August 23, 2019

The Death of Continuous Auditing – part 2

I purposely made the first title more dramatic than needed to make people understand that Continuous Auditing needs to be looked at from a different perspective.  In fact, it is the original perspective – Risk and Controls – the needs to be adopted.  Unfortunately, the concept of Continuous Auditing transformed into “data analysis” which often resulted in auditors simply reporting errors and exceptions and not tying these back to the…

February 25, 2019

Identifying Potential Duplicates

The identification of duplicates ultimately comes down to finding a balance between the False Positives, False Negatives and True Duplicates.  This article discusses various approaches to reducing the number of False Positive and False Negatives – making the duplicate results more reliable. The concept of identifying duplicates is fairly simple: do two records have the same values?  If yes, then they are duplicates.  However when dealing with names and addresses…

January 4, 2019

Helping Parents with their Children’s Sex Education

For years I have written about data analysis to identify and assess risk, to detect and prevent fraud, and to improve business processes (efficiency and effectiveness).  Please allow me to, just this once, talk about something more personal that affects every parent and every child: “The Talk” about sex. If you are like me, a father of two girls, I was more than happy to let my wife give them…

December 6, 2018

Making IT Audit more effective and relevant – part #1

Are you an IT auditor who takes comfort in your specialized knowledge and feels secure in assessing general and application controls – but does no more?  Then you need to wake-up to today’s business environment and step out of your comfort zone.  You also will probably need to pull the general auditor away from the safety of pure compliance audits.  The notion of the integrated auditor was usually applied to…

September 2, 2018

ACL Scripts Part #2

I hope that, after having read, and tried, the approaches to developing ACL scripts in the Part #1 post, you are anxious to learn more.  Certainly, the Part #1 suggestions will allow you to build simple scripts to re-run analysis, but there is more to scripting: more power, flexibility and control.  In particular, you may want to control the ACL environment to allow the scripts to run without, for example,…

June 22, 2018