Making IT Audit more effective and relevant – part #1

Are you an IT auditor who takes comfort in your specialized knowledge and feels secure in assessing general and application controls – but does no more?  Then you need to wake-up to today’s business environment and step out of your comfort zone.  You also will probably need to pull the general auditor away from the safety of pure compliance audits.  The notion of the integrated auditor was usually applied to…

September 2, 2018
Read More >>

ACL Scripts Part #2

I hope that, after having read, and tried, the approaches to developing ACL scripts in the Part #1 post, you are anxious to learn more.  Certainly, the Part #1 suggestions will allow you to build simple scripts to re-run analysis, but there is more to scripting: more power, flexibility and control.  In particular, you may want to control the ACL environment to allow the scripts to run without, for example,…

June 22, 2018
Read More >>

Data analytics, the essential and underutilized tool in detecting, assessing, and preventing fraud

The unrelenting advancement of technology is affecting virtually every aspect of our lives.  And as technology becomes more pervasive, so do schemes to commit fraud. Fraudsters are taking advantage of users’ inexperience with newer technology and weaknesses in the controls to perpetuate these schemes.  This is proving to be a challenge for evaluators, auditors and investigators in their efforts to identify and detect fraud.  However, technology is also a tool…

September 17, 2017
Read More >>

Seeing Analytics

I am at the end of day two of teaching an introductory ACL to a really good group of students.  They are quick to grasp the concepts as we go through different commands and ACL functionality.  They are able to answer pointed questions like: give me three ways to ‘sort’ a file. However, when I ask, “where could you use ‘insert an ACL command here’ in your audit work?” they…

August 26, 2017
Read More >>

Stratify

Stratify has to be one of my favourite commands.  It quickly gives more details regarding the distribution (Low, Medium, and High) of the selected numeric fields (e.g. number of low, medium, high dollar contracts).  This can help with sampling (which I don’t really like to do).  The records in the “High” categories may number only a few, but they often represent a significant portion of the amount.  A stratified sampling…

July 3, 2017
Read More >>

Year 30 + P-card fraud

I didn’t realize how quickly it would take to get to 30 years when posting one blog per week for each year (30 weeks).  Even drawing some of the posts out to two weeks didn’t add much.  So now I am posting additional analysis performed over the years.  Another thing I didn’t take into account was that I would continue to perform analysis – even after I retired.  So I…

January 7, 2017
Read More >>

Year 26 – 2013 – Payroll

 I haven’t looked at payroll very often; at least not as often as I think I should or would have liked.  Payroll can be a significant cost to an organization – easily representing 50% of a company’s total expenditures in some industries – but senior management seems to think that the controls over payroll are good and therefore it is low risk.   This belief is often transferred to audit even…

October 31, 2016
Read More >>

Year 25 – 2012 – Vacation Leave and Sick days

 I always jump at the chance to perform analysis in non-financial areas.  Not only does this expand my knowledge of audit risks and different business processes, but it also further demonstrates the flexibility and power of analytics.  Some of the analytics I have perform include areas such as environmental control, HR – staffing, succession planning, transportation, maintenance, IT security, system conversion, control testing and risk.  Normally, there is an element…

October 24, 2016
Read More >>

ACL Connections 2016

Sorry, I missed posting last week as I was at ACL Connections 2016.  It was another great conference – lots of experienced users as well as new users.  The user forum folks got to together for a dinner and had a chance to meet face-to-face.  I asked each of them to describe a “cool” analysis they had done and almost everyone talked about use REGEXFIND() or REGEXREPLACE() which made me…

September 26, 2016
Read More >>

Year 21 – 2008 – part 2 – Payroll and Vacation

No having to rely on samples allowed us to perform audits more efficiently and effectively.  The audit results were more easily defendable (no arguments about the representativeness of the sample and the validity of the extrapolation).  It also supported better coverage and more comprehensive audits. Vacation audit – the company allowed employees to carry forward vacation days – but different unions had negotiated different amounts.  Depending on the union to…

September 5, 2016
Read More >>