A Simple Analytics Roadmap for Auditors and Control Owners
Organizations, such as The Institute of Internal Auditors (IIA) and the Association of Certified Fraud Examiners (ACFE), have long advocated the use of data analytics in all applicable audits and investigations. Similarly, the COSO Control Framework, which focuses on fraud awareness and risk assessment, also supports an increased need for data analytics. Although auditors often associate data analytics with fraud testing, financial audits, or continuous monitoring, the fact is that data analytics can be used for much more than common numerical analytical procedure testing.
Data analytics adds depth to controls testing, substantive testing of transactions, and detailed balance testing. For example, when reviewing large data sets of expense transactions, auditors are often testing specific attributes all at once, such as transaction approval over a certain threshold, transactions posted at unusual times or dates, or duplicate transactions. Performing these procedures manually will usually take days, but all of these tests can now be performed all at once in just minutes using a data analytics tool.
Testing with a data analytics tool also allows auditors to review the entire population rather than just a sample.
Data analytics can be used when testing IT controls related to COBIT, ISOs, PCI, FISCAM, or NIST 800-53, including testing for appropriate system access, which can be performed in a matter of minutes by comparing complete, current user provisioning details. And, not all analytical testing is related to numbers. Data analytics can be used for faster, more complete testing of access controls by comparing system access reports to employee record systems, like Active Directory. With all of these benefits, why aren’t auditors using data analytics in every audit?
Download the report to learn more.