Setting the proper objective is critical to delivering on a quality, value-add audit. It must be strongly linked to the goals and objectives of the entity being audited; drive the risk identification and assessment; and be a foundation for the audit workplan and conduct of the audit. And ultimately, is it the statement upon which the audit concludes. Yet too many audits have poor objectives. I have performed analysis in…
Dave Coderre, Co-Founder CTRLmatters It occurred to me today that I have been performing internal audits and reviews for more than half my life. Throughout the years I had had many failures and successes. I have learned from both by identifying lessons-learned when things worked and even more importantly when they didn’t. I also took responsibility for my failures and shared my successes with the auditors on my teams. In…
When I tell people that I am an internal audit, three things happen: first I must explain that I am not from the IRS and will not be auditing their taxes. The second, I must tell them that I do not just focus on financial statements, or fraud, but conduct many types of audits. This often leads to the third comment, perhaps in jest, “So, you are just interested in…
For years I have been thinking about Risk, Controls, Black Swans and Entropy; and more recently about Analytics and RPA. Only recently did I understand how these are all connected and impact large and small organizations – particularly in activities that are high-risk and strictly controlled. Sadly, these tightly controlled areas are often overlooked until it is too late. Which bring us to Risk and Controls. Risk and Controls: Business…
I purposely made the first title more dramatic than needed to make people understand that Continuous Auditing needs to be looked at from a different perspective. In fact, it is the original perspective – Risk and Controls – the needs to be adopted. Unfortunately, the concept of Continuous Auditing transformed into “data analysis” which often resulted in auditors simply reporting errors and exceptions and not tying these back to the…
For years I have written about data analysis to identify and assess risk, to detect and prevent fraud, and to improve business processes (efficiency and effectiveness). Please allow me to, just this once, talk about something more personal that affects every parent and every child: “The Talk” about sex. If you are like me, a father of two girls, I was more than happy to let my wife give them…
Are you an IT auditor who takes comfort in your specialized knowledge and feels secure in assessing general and application controls – but does no more? Then you need to wake-up to today’s business environment and step out of your comfort zone. You also will probably need to pull the general auditor away from the safety of pure compliance audits. The notion of the integrated auditor was usually applied to…
The unrelenting advancement of technology is affecting virtually every aspect of our lives. And as technology becomes more pervasive, so do schemes to commit fraud. Fraudsters are taking advantage of users’ inexperience with newer technology and weaknesses in the controls to perpetuate these schemes. This is proving to be a challenge for evaluators, auditors and investigators in their efforts to identify and detect fraud. However, technology is also a tool…
I am at the end of day two of teaching an introductory ACL to a really good group of students. They are quick to grasp the concepts as we go through different commands and ACL functionality. They are able to answer pointed questions like: give me three ways to ‘sort’ a file. However, when I ask, “where could you use ‘insert an ACL command here’ in your audit work?” they…
Stratify has to be one of my favourite commands. It quickly gives more details regarding the distribution (Low, Medium, and High) of the selected numeric fields (e.g. number of low, medium, high dollar contracts). This can help with sampling (which I don’t really like to do). The records in the “High” categories may number only a few, but they often represent a significant portion of the amount. A stratified sampling…