Data in Audit - a guide
Within assurance functions or for specific assurance projects, using data can help improve effectiveness (and efficiency).
There are various "analytics" guides, but few (if any) that are focused on the unique needs of assurance practitioners.
This guide is designed specifically for internal audit and assurance professionals.
If you lead an assurance function or you lead the use of data within assurance projects, you will probably consider:
If you are starting to use data, or you want to enhance your approach, start with this article: common challenges.
These articles outline considerations for oversight of the use of data within assurance functions.
One aspect of the use of data within audit has changed over the past few years. There has been a shift from bottom up thinking to an objectives based approach. What is the problem that needs to be solved?
The traditional, easy way, is to start with a library (a list of rules based analytics routines), but that won't help to properly achieve the assurance or value delivery goals.
Assurance professionals (typically) have a unique perspective across multiple functional areas.
Access to each business unit / department = potential to look into matters across the organisation.
So consider the organisation as a whole in scoping the data work to conduct.
Customers - don't care which part of the organisation is involved in providing a product or service to them, they care only about the service.
The Board - shouldn't be as concerned with which department you have reviewed but with what the potential risks and opportunities are - and this means you need to look across functional boundaries.
How can the story best be told? It could be function specific, but this is often not enough.
- Your high performing peers are not using analytics just to say "we used analytics"
- Your stakeholders expect to see integrated results from the analytics - not just an appendix to your report
- You can use data purely to confirm compliance, but try to strike a balance where possible
- Avoid duplication - check whether BAU activity already covers your hypotheses (i.e. how likely is it that you will uncover new insights, given data work conducted elsewhere in the organisation)
Some of the key points to consider in planning your assurance data project / activity include:
- Start early - it can take up to 3 months to source the data that you need
- Plan for iteration - a traditional project management approach does not always work - this article outlines a potential alternate approach
- Plan for time to confirm assumptions and to verify outcomes
- Full population procedures often produce high numbers of exceptions - this article explains one approach to dealing with the noise
4. Fieldwork: Process and Methodology
This process and methodology is specifically for assurance projects - internal audit and performance audit.
Key points to note:
- Start the data process before audit planning. Why?
- it takes time to get access to the data that you need
- you want the results of the data work to inform planning and fieldwork
- it takes time to explore and evaluate exceptions (anomalies)
- The data process is iterative, as outlined in the guide.
- Some steps may not be relevant, and you don't need to follow them all.
- Visualization is an important step - it enables easier exploration of the data and supports explanations/reporting.
Content preparation in progress - contact us for early access.
6. Tools and Techniques
Deliberately the last item in this topic - because it should not drive the approach.
It is still important, though. This article outlines the minimum set of software and considerations for selection.
Tools don't have to be costly. This article debunks 3 common myths associated with open source software.