Unlocking the Value of Audit Analytics: Results-Focused Analytics
As we come to an end of the series, “Unlocking the Value of Audit Analytics”, I would like to thank you for following and re-posting. I hope you have benefited from these insights and continue to look out for more blog posts from CaseWare Analytics.
Today, we’re focusing on how to get tangible value from using data analytics in the audit process.
Data analytics is sometimes perceived as an unforgiving adventure. There are times when very little work results in significant findings. Other times, you spend an alarming amount of the budget and have little to report. It is important to recognize that the quantity of findings are not a measure of how well you executed and therefore try to avoid “chasing” findings.
Chase Insights, Not Findings
Use of data analytics must support, not counter, the audit purpose. With or without data analytics, the audit goal is to provide assurances to the business about the internal control environment and the financial reporting system. With data analytics you have the opportunity to examine 100% of available data quickly and effectively. As a bonus, it can also provide insights into the root cause of internal control failures.
A significant challenge can be getting results with less experienced team members who are “hooked on findings”. If every anomaly in the data is treated as a huge finding the result is puppies chasing squirrels in the garden. The enthusiasm is great, but not the result/reward. There is still the matter of the budget, deadlines, value and actually completing the audit with appropriate evidence to support your assurance.
Taking time to discover and understand data takes discipline. Auditors must be able to perform discovery and note what they are finding but not chase these “findings”. At least, not until they understand all the key data elements in the context of the business. For example, seeing a payroll status of “V” where you expected only A, T, P, X and C is important to validate before testing payroll earning transactions controls.
It is advisable to create a simple but effective process where the team or individual goes through and understands key fields. Simulate calculations and validate relationships/correlations and note initial anomalies before testing internal controls. It is critical that no one chases potential findings at this time.
By executing data analytics in a disciplined way, your findings will help determine where to focus for results. If the discovery identifies a potential regulatory non-compliance that attracts $1 million fine per breach and another discovery identifies a potential loss of $100,000, where would you focus your efforts?
The Typical Chase
Let’s examine a scenario of a typical “chase”. Say you are analyzing sales transactions in a retail chain. Specifically, you are assessing pricing controls in a system that prevents low prices resulting in losses. A member of the team identifies transactions where items are being sold at a loss. He immediately says the control is not working and starts the chase.
After spending four days collecting support for his findings he learns the items are all sold from a damaged goods warehouse; four days only to learn that the control is working as intended.
A key to preventing this is to always approach initial findings as if the control is working and there is something you don’t know; the knowledge gap. Most importantly, to finish the data discovery and get a complete picture.
In this specific case the data would also have the stores where the transactions occurred. A quick discovery of the stores field reveals 603 locations. This contradicts documentation gathered during the audit that states the company has only 600 stores. An inquiry into the 3 unknown locations would have revealed the damaged goods warehouses. The two insights together would have prevented the chase.
Want to learn more?
If you want to hear more on this topic, Seren Dagdeviren of Ivanhoé Cambridge and I will be presenting at the 2015 IIA International Conference this July. Join us on July 7th at 12:45 pm to hear more example of maximizing the potential of audit through relevant insights with the use of data analytics.
About Andrew Simpson:
Andrew Simpson has close to two decades of experience in the information systems audit and security business; specifically data analytics, interrogation and forensics. He is a regular contributor to various auditing conferences and is acknowledged as an expert on continuous controls monitoring and revenue assurance.