Subscribe to the Bombay Chartered Accountant Journal Subscribe Now!

August 2020

DATA-DRIVEN INTERNAL AUDIT – I

By Deepjee Singhal | Manish Pipalia
Chartered Accountants
Reading Time 8 mins

BACKGROUND

The basics of Internal Audit remain the same
– add value and manage risk; but it cannot operate in isolation, and just as
technology continues to revolutionise the way we do business in the 21st
century, Internal Audit is not immune from disruption.

 

The business environment is changing rapidly
in the face of the data revolution. IDC predicts that worldwide data will
increase by 61% and reach 175 zetta bytes by 2025. What is new is the ubiquity
and volume of data. From big data to data science to predictive analytics, data
is everywhere.

 

Management today makes use of tools and
technologies like ERP, analytics, visualisation, artificial intelligence, etc.,
and converts available data into information for better, more informed
decisions impacting the business. Should the Internal Auditor be left behind?

 

Internal Audit is one of the professions
where developments affecting data (data availability, data sources, data
analysis, etc.) are particularly important and impactful.

 

The opening lines of the popular science
fiction serial of the 1970s, ‘Star Trek – Space, The Final Frontier’,
are: These are the voyages of the Star Ship Enterprise. Its five-year mission
– to explore strange new worlds, to seek out new life and new civilizations, to
boldly go where no man has gone before.
Those words are etched in our
minds.

 

To draw a parallel to that, the future of
Internal Audit is to explore and apply new tools and technologies. Not just for
the sake of ‘me too’ but to be relevant and –

  •  do more (continuously add value) with less
    resources;
  •  be in tune with audit tools and
    technology, similar to those being adopted by businesses (increasingly,
    management is now working with 4th and 5th generation
    tools and technologies and auditors cannot use 1st or 2nd
    generation tools and technologies any more);
  •  continuously upgrade skills in the face of
    this data revolution.

 

TOWARDS A DATA-DRIVEN FUTURE – SURVEY

CaseWare IDEA Inc., Canada conducted a
survey in late 2019 wherein about 400 Internal Audit professionals from junior
auditors to the C-Suite level were surveyed and responses were gathered from
around the world on their approach to audit through the lens of technology.

 

To offer an unbiased assessment of the state
of Internal Audit in 2020, this survey was tool agnostic.

 

Who was surveyed?

 

 

Geographic distribution of the survey


Geographic Distribution

The survey was promoted globally across multiple channels. Although a plurality (42%) of respondents operate out of North America, the survey results reflects the views of audit professionals from all major global geographic regions, including Asia Pacific (20%), Latin America (17%), Europe (11%), Africa (8%), and the Middle East (2%).

 

 Topics covered in
the survey

Feedback was
sought from the respondents on the following areas:

  • Current and
    planned elements of Internal Audit approaches;
  • Most
    significant Internal Audit challenges;
  • Compliance
    demands;
  •  Data
    analytics in Internal Audit;
  •  Artificial
    Intelligence and Machine Learning in Internal Audit activities;
  •  Cloud
    Technology in Internal Audit;
  •  Training and
    adoption of audit technology;
  •  Priorities
    for 2020, and much more.

 

Findings
of the survey

The survey
findings suggested that individuals and leadership within the Internal Audit
profession are aware of the unique opportunities that are being offered by new
technologies and data analytics, but they are struggling to:

 

  •  Embrace and
    adopt these new technologies
  •  Train
    internal audit staff on technology tools
  •  Move from
    traditional, manual processes to data-driven auditing processes.

 

Compliance
demands – a perennial challenge for Internal Audit – continue to rank as one of
the top priorities for auditors and data ethics is taken seriously by most
respondents.

 

The year ahead
for Internal Audit will be marked by:

  •  The adoption
    of data analysis technology,
  •  The
    optimisation of existing audit technology,
  •  Training
    auditors on audit technology.

 

Many of these
challenges and priorities are interconnected and together they represent a
global movement towards data-driven audit.

 

Top
challenges – an overview

In the survey,
audit professionals were asked to address their biggest audit challenges
currently, and the answers reflect the views of respondents as they stood at
the close of 2019. When asked to name their top Internal Audit challenges,
three clear priorities emerged as the top challenges faced by auditors,
regardless of role or geographic location.

 

Leading the
charge was the need to move from traditional, manual processes to data-driven
audit, a priority which 62% of respondents named as a top audit challenge.
Close behind were the need to adopt new technology (57%) and addressing the
skills shortage (47%).

 

Need for
adoption of data-driven audit

Data-driven
audit uses technology, big data, data analytics, and even predictive analytics,
to make auditing a data-centric, risk-sensitive, technology-enabled, continuous
activity.

 

Data-driven
auditing is an approach marked by:

  •  The use of
    data analytics technology;
  •  A decreased
    reliance on manual tools and processes (e.g., traditional spreadsheets and
    sampling);
  •  Results-based
    decision-making that enables both the auditor and the client to find more value
    in an audit;
  •  Using these
    approaches to enable management to minimise risk.

 

Data-driven
audit shirks conventional, manual approaches to auditing to realise a future of
data-based decision-making.

 

BENEFITS OF DATA ANALYTICS – KEY POINTS

Clients,
customers and investors alike have little tolerance when controls fail to
reveal erroneous data used in operational decisions and financial reporting.
Undetected errors in systems and data can also yield opportunities for fraud
and abuse. The best tool that can be used to determine the reliability and
integrity of information systems is data analysis software.

 

Audit results
gleaned from competent data analysis activities by Internal Audit can shine a
light on the issues lying within the organisation’s data. When properly used by
trained audit staff, data analysis software can be incorporated into audit
plans to provide both assurance and consulting service opportunities to the
organisation’s information systems and thus become the true cornerstone of an
effective audit function.

 

Some of the key
benefits of the use of data analytics are:

  •  In-depth
    review of process-generated data rather than traditional sample checks which
    are ineffective and inefficient;
  •  Ability to
    reveal surprises and insights which the client management never knew about – true
    value add
    ;
  •  Possibility
    to go beyond controls and focus on cost saving and revenue maximisation;
  •  Concurrent
    use of data analytics in audit significantly reduces compliance costs;
  •  Framework to
    automate complex Management Control ‘MIS’ reports through Automatic Routines –
    ‘Macros’.

 

DATA ANALYTICS MATURITY DECISION
FOR INTERNAL AUDIT

Different
types of data analytics

Organisations
need to consider different types of data analytics:

  •  Descriptive
    analytics
    interprets historical data;
  •  Predictive
    analytics
    predicts future outcomes based on historical data;
  •  Diagnostic
    analytic
    s examines the data and asks ‘why?’
  •  Prescriptive
    analytics
    identifies the best course of action based on the analysis of
    data.

 

The data
analytics maturity scale

Whatever the
benefits of automating data analytics, the organisation needs to determine at
the strategic level how data analytics might best contribute to its audit
goals.

This strategic
activity can benefit from considering data analytics in terms of ‘maturity’
stages below:

Traditional
Auditing:
Data
analytics may be used but is mainly descriptive and applied during the planning
phase.

  •  Ad Hoc
    Integrated Analytics: This may include both descriptive and diagnostic
    analytics at the planning and execution phases (e.g., identifying outliers),
    but is carried out in an ad hoc rather than systematic manner.
  •  Continuous
    Risk Assessment and Auditing:
    This may include all types or categories of
    data analytics in a pre-defined automated set. This set provides ongoing data
    to auditors.
  •  Integrated
    Continuous Auditing and Continuous Monitoring:
    A full set of automated
    analytics is deployed and permits continuous monitoring by management, as well
    as a continuous data flow to the audit shop. The systems are largely seamless
    and integrated.
  •  Continuous
    Assurance of Enterprise Risk Management:
    A full set of automated analytics
    is deployed, as with level 4. In addition, there is a further emphasis on
    aligning continuous data analysis with strategic enterprise goals. The internal
    audit plan is ‘dynamic’ in response to risk fluctuation.

 

CONCLUSION

The road for
internal auditing in 2020 and beyond would be:

  •  Upgrade
    skill-sets and become aware; explore and apply available and emerging tools and
    techniques;
  •  Adopt a
    data-driven approach to auditing, using tools and technologies like audit apps,
    data analytics, machine learning, artificial intelligence, etc.;
  •  To add value
    to the organisation and be a trusted business adviser to management.

 

The second
part of this article will cover practical cases with steps for using analytics
and conducting data-driven audits.

 

 

You May Also Like