Recent technological advances have been seen as a catalyst of change within the business environment, bringing Internal Audit into a period of transformation. Recognizing this change and the need to manage this change at speed are auditors who can use IT advances to improve the quality of audits, extend the audit coverage to critical business areas, and ensure cost effectiveness.While the business landscape continues to evolve to take on a more proactive approach to risk management and regulatory compliance, the expectations of the Internal Audit (IA) function has broadened to provide assurance as well as advice and insights for improvement.
In order to drive maximum value from audits and enable businesses to identify areas of risks and improvement, IA is moving towards incorporating data analytics across the audit lifecycle by embracing data mining technology and data visualization methods. There are several factors that have really fueled the rise in the use of analytics in IA functions. The availability of data from past audits and Big Data technologies are redefining the focus on risk and fact-based insights. This helps IA gain a holistic view of organizational risks, control deficiencies, and exceptions.
Data analytics can be used throughout the entire audit process – from understanding the risk profile of auditable entities, and audit planning, to understanding the efficiency and effectiveness of controls, and analyzing audit findings or results. It also enables internal auditors to focus their efforts on evaluating compliance in line with business objectives, policies, and strategies. Additionally, through data analytics, Internal Audit can manage resources better, track the audit progress effectively, improve the audit cycle time,and accelerate reporting on audit findings. Applying analytics can help auditors move beyond traditional Internal Audit activities toward an environment with more sophisticated risk analyses and monitoring while keeping the cost low.
Organizations use technology to keep an eye on the heartbeat of the business. They do this using dashboards – whether graphic, text, or a combination of both – to highlight problem areas or issues. When a risk or risk area is high, it is red-flagged and decisions can be made to mitigate that risk or improve corrective measures. When using data analytics, risk data could be sourced from social media feeds, news feeds, etc., which is then stored in a structured manner and tied in with pre-designed themes. All this data can be extremely useful for Internal Audit. Auditors can gain in-depth intelligence on changes within the organization, problem areas, and risk or controls issues, helping IA plan focused audits accordingly.
Analytics can also be leveraged by IA to identify errors and anomalies during control monitoring which helps identify instances of risk, fraud, and inefficiencies and also provides the ability to detect trends in control issues. This requires the management and Internal Audit to work together to implement effective detective and preventive controls, address areas of risks, or assess whether the controls are adequate.
While technology may be used to test data when assessing if a control is working or not, it may not provide the necessary insights on the effectiveness of the controls. IA should also exercise caution when testing controls. Analytics can help to look deeper into scenarios for exceptions, duplications, and trends by comparing historic data and documenting the results across multiple business process areas.
While there are many ways to use technology to understand the risk of fraud, applying analytics has proven to be a useful screening tool to decide whether deeper analyses is required. Benford’s Law can be applied to detect data anomalies or manipulation in financial statements. This helps IA detect fraudulent or exceptional characteristics, or alternatively prove that there is no fraud even if there is an indication of huge control issues .
AML, for example, though difficult to detect, can be addressed using Big Data Analytics. As frauds get better, and take place from not only laptops but also from your mobile device, it becomes crucial for organizations to aggregate, consolidate, and analyze datato provide actionable insights.
Communicating the right audit results to the stakeholders at the right time is very crucial and one way of doing it is through the audit report. When communicating, the focus should be on what the management needs to know and when they need to know it. Many times, the way the management receives audit information differs from the business information reported from departments, teams, and peers. This makes it difficult for the management to understand and take action on the information.
By standardizing language and reporting methods, IA is at an advantage to share best practices and improve risk awareness across the organization. IA can leverage advanced data analytics such as predictive modelling and forecasting when conducting root cause analyses or hypothesis testing. The results can then be integrated into the management matrix and dashboards for stakeholders, facilitating quicker and more informed decision-making.
Protecting the business and delivering measurable value is a critical role for IA. Having a long-term analytical roadmap embedded in the audit function helps to sift through large volumes of data, evaluate hard facts, and bring this value closer to the decision makers. A lot of important traditional data collected during the audit process are maintained in Excel sheets, Access databases, or large traditional warehouses. A structured form of data capture, using the right technology, gives auditors a comprehensive view of all the risks affecting the business, and improves overall processes. Internal Audit stands at a better position to not only provide assurance but also deliver insights and foresights to business operations.