BACKGROUND
The basics of Internal Audit remain the same
– add value and manage risk; but it cannot operate in isolation, and just as
technology continues to revolutionise the way we do business in the 21st
century, Internal Audit is not immune from disruption.
The business environment is changing rapidly
in the face of the data revolution. IDC predicts that worldwide data will
increase by 61% and reach 175 zetta bytes by 2025. What is new is the ubiquity
and volume of data. From big data to data science to predictive analytics, data
is everywhere.
Management today makes use of tools and
technologies like ERP, analytics, visualisation, artificial intelligence, etc.,
and converts available data into information for better, more informed
decisions impacting the business. Should the Internal Auditor be left behind?
Internal Audit is one of the professions
where developments affecting data (data availability, data sources, data
analysis, etc.) are particularly important and impactful.
The opening lines of the popular science
fiction serial of the 1970s, ‘Star Trek – Space, The Final Frontier’,
are: These are the voyages of the Star Ship Enterprise. Its five-year mission
– to explore strange new worlds, to seek out new life and new civilizations, to
boldly go where no man has gone before. Those words are etched in our
minds.
To draw a parallel to that, the future of
Internal Audit is to explore and apply new tools and technologies. Not just for
the sake of ‘me too’ but to be relevant and –
- do more (continuously add value) with less
resources;
- be in tune with audit tools and
technology, similar to those being adopted by businesses (increasingly,
management is now working with 4th and 5th generation
tools and technologies and auditors cannot use 1st or 2nd
generation tools and technologies any more);
- continuously upgrade skills in the face of
this data revolution.
TOWARDS A DATA-DRIVEN FUTURE – SURVEY
CaseWare IDEA Inc., Canada conducted a
survey in late 2019 wherein about 400 Internal Audit professionals from junior
auditors to the C-Suite level were surveyed and responses were gathered from
around the world on their approach to audit through the lens of technology.
To offer an unbiased assessment of the state
of Internal Audit in 2020, this survey was tool agnostic.
Who was surveyed?
Geographic distribution of the survey
Geographic Distribution
The survey was promoted globally across multiple channels. Although a plurality (42%) of respondents operate out of North America, the survey results reflects the views of audit professionals from all major global geographic regions, including Asia Pacific (20%), Latin America (17%), Europe (11%), Africa (8%), and the Middle East (2%).
Topics covered in
the survey
Feedback was
sought from the respondents on the following areas:
- Current and
planned elements of Internal Audit approaches;
- Most
significant Internal Audit challenges;
- Data
analytics in Internal Audit;
- Artificial
Intelligence and Machine Learning in Internal Audit activities;
- Cloud
Technology in Internal Audit;
- Training and
adoption of audit technology;
- Priorities
for 2020, and much more.
Findings
of the survey
The survey
findings suggested that individuals and leadership within the Internal Audit
profession are aware of the unique opportunities that are being offered by new
technologies and data analytics, but they are struggling to:
- Embrace and
adopt these new technologies
- Train
internal audit staff on technology tools
- Move from
traditional, manual processes to data-driven auditing processes.
Compliance
demands – a perennial challenge for Internal Audit – continue to rank as one of
the top priorities for auditors and data ethics is taken seriously by most
respondents.
The year ahead
for Internal Audit will be marked by:
- The adoption
of data analysis technology,
- The
optimisation of existing audit technology,
- Training
auditors on audit technology.
Many of these
challenges and priorities are interconnected and together they represent a
global movement towards data-driven audit.
Top
challenges – an overview
In the survey,
audit professionals were asked to address their biggest audit challenges
currently, and the answers reflect the views of respondents as they stood at
the close of 2019. When asked to name their top Internal Audit challenges,
three clear priorities emerged as the top challenges faced by auditors,
regardless of role or geographic location.
Leading the
charge was the need to move from traditional, manual processes to data-driven
audit, a priority which 62% of respondents named as a top audit challenge.
Close behind were the need to adopt new technology (57%) and addressing the
skills shortage (47%).
Need for
adoption of data-driven audit
Data-driven
audit uses technology, big data, data analytics, and even predictive analytics,
to make auditing a data-centric, risk-sensitive, technology-enabled, continuous
activity.
Data-driven
auditing is an approach marked by:
- The use of
data analytics technology;
- A decreased
reliance on manual tools and processes (e.g., traditional spreadsheets and
sampling);
- Results-based
decision-making that enables both the auditor and the client to find more value
in an audit;
- Using these
approaches to enable management to minimise risk.
Data-driven
audit shirks conventional, manual approaches to auditing to realise a future of
data-based decision-making.
BENEFITS OF DATA ANALYTICS – KEY POINTS
Clients,
customers and investors alike have little tolerance when controls fail to
reveal erroneous data used in operational decisions and financial reporting.
Undetected errors in systems and data can also yield opportunities for fraud
and abuse. The best tool that can be used to determine the reliability and
integrity of information systems is data analysis software.
Audit results
gleaned from competent data analysis activities by Internal Audit can shine a
light on the issues lying within the organisation’s data. When properly used by
trained audit staff, data analysis software can be incorporated into audit
plans to provide both assurance and consulting service opportunities to the
organisation’s information systems and thus become the true cornerstone of an
effective audit function.
Some of the key
benefits of the use of data analytics are:
- In-depth
review of process-generated data rather than traditional sample checks which
are ineffective and inefficient;
- Ability to
reveal surprises and insights which the client management never knew about – true
value add;
- Possibility
to go beyond controls and focus on cost saving and revenue maximisation;
- Concurrent
use of data analytics in audit significantly reduces compliance costs;
- Framework to
automate complex Management Control ‘MIS’ reports through Automatic Routines –
‘Macros’.
DATA ANALYTICS MATURITY DECISION
FOR INTERNAL AUDIT
Different
types of data analytics
Organisations
need to consider different types of data analytics:
- Descriptive
analytics interprets historical data;
- Predictive
analytics predicts future outcomes based on historical data;
- Diagnostic
analytics examines the data and asks ‘why?’
- Prescriptive
analytics identifies the best course of action based on the analysis of
data.
The data
analytics maturity scale
Whatever the
benefits of automating data analytics, the organisation needs to determine at
the strategic level how data analytics might best contribute to its audit
goals.
This strategic
activity can benefit from considering data analytics in terms of ‘maturity’
stages below:
Traditional
Auditing: Data
analytics may be used but is mainly descriptive and applied during the planning
phase.
- Ad Hoc
Integrated Analytics: This may include both descriptive and diagnostic
analytics at the planning and execution phases (e.g., identifying outliers),
but is carried out in an ad hoc rather than systematic manner.
- Continuous
Risk Assessment and Auditing: This may include all types or categories of
data analytics in a pre-defined automated set. This set provides ongoing data
to auditors.
- Integrated
Continuous Auditing and Continuous Monitoring: A full set of automated
analytics is deployed and permits continuous monitoring by management, as well
as a continuous data flow to the audit shop. The systems are largely seamless
and integrated.
- Continuous
Assurance of Enterprise Risk Management: A full set of automated analytics
is deployed, as with level 4. In addition, there is a further emphasis on
aligning continuous data analysis with strategic enterprise goals. The internal
audit plan is ‘dynamic’ in response to risk fluctuation.
CONCLUSION
The road for
internal auditing in 2020 and beyond would be:
- Upgrade
skill-sets and become aware; explore and apply available and emerging tools and
techniques;
- Adopt a
data-driven approach to auditing, using tools and technologies like audit apps,
data analytics, machine learning, artificial intelligence, etc.;
- To add value
to the organisation and be a trusted business adviser to management.
The second
part of this article will cover practical cases with steps for using analytics
and conducting data-driven audits.
