Harness the power of data analytics to optimize your internal audit function
Today’s chief audit executives face unique challenges stemming from the frenetic pace of market changes, emerging technologies, and other environmental dynamics. While cybersecurity, privacy, fraud, and third-party risks are obvious vulnerabilities, it’s the as-yet unknown trends and anomalies that are keeping these executives, board members, and management awake at night.
The good news is that data, the building blocks of a performance-driven organization, can be a game changer for the internal audit function. By strategically harnessing the power of data and advanced technologies, internal auditors can increase the speed and efficiency in which data is examined to more accurately and comprehensively inform the identification, management, and reporting of risk.
In addition, embedding a powerful data analytics program into the auditing function enables:
- Laser-sharp audits founded on the most up-to-date data patterns, trends, and relationships, as well as anomalies
- Continuous auditing and monitoring routines that allow for more agile problem-solving
- More accurate audit coverage, fraud detection, and compliance
- Heightened audit efficiencies and cost savings
- Enhanced organizational awareness related to data availability and governance
- Satisfaction of third-party expectations and regulations relating to data analytics capabilities
- The recognition of internal audit as a value-added agent of change, with a stronghold on the current risk landscape and informed perspective of future challenges
Yet, despite these potential benefits and opportunities, many organizations are at a standstill, unsure of where or even how to embed data analytics into their IA functions. To get there, a re-tooling of talent and a shift in corporate culture are needed. But this isn’t the only barrier to overcome, and indeed, the constraints to transforming to a data-driven audit function may at first glance seem daunting.
Challenges to incorporating data analytics
There are several common challenges that may arise during the transformation process, including:
- An incomplete understanding of what data is available, and where it is housed
- The maturity level of the organization’s data governance processes and the ease with which data can be accessed
- The overall quality and integrity of available data
- The level of existing talent and skillsets needed to develop, implement, and sustain an internal data-driven IA function
- The lack of senior leadership support to allocate resources toward developing a continuous and technology-based data analytics program
Though significant, these challenges are not insurmountable. In fact, there are numerous steps internal auditors can take to mitigate these barriers and develop a strong data analytics program that facilitates an even stronger internal audit function.
A virtually unlimited flow of data requires a means to harness and capitalize upon it in real time.
How to get there: Incorporating analytics into the internal audit program
Organizations that are committed to developing a data-driven IA function employ a strategic approach to migrate data analytics into their methodologies, using an approach not too dissimilar from how they conduct their traditional audits. Essentially, it involves planning, execution, and reporting phases in which results of one build upon the previous step. The steps below illustrate some specific tasks that would be considered in establishing a strong data analytics program. Importantly, this strategic approach is aimed
at integrating data analytics into the audit culture and informing the resources required to transform the function on a continuous and long-term basis.
- Establish audit objectives
- Identify and locate available data to support objectives
- Request data (can be challenging)
- Convert data into a usable format and load data into a DA tool
- Review data for completeness, identify any gaps, and address as needed
- Develop test scripts and queries
- Execute DA scripts
- Interpret and analyze results
- Research and investigate based on results of query (e.g., outliers, anomalies, trends, variances)
- Review preliminary results with management and confirm findings
- Identify root causes and make recommendations as needed
- Assess results against objectives, and adjust and reperform if necessary
- Create a high-impact report using a visualization tool
- Report should describe analytics performed, results of analytics, and recommendations
- Report should also include any difficulties or limitations noted that relate to the analytics performed (continuous improvement)
Of course, not all organizations are on the same plane of use. Some companies today employ data analytics on a moderate scale. Some are further along, and still others are in the nascent stages of capitalizing on the wealth of data at their disposal. This is why flexibility and deep understanding of company resources and readiness are key.
How fast one proceeds is perhaps secondary to the core fact that organizations today are increasingly reliant upon data to manage everyday business-critical activities and make decisions that will impact future performance and profitability. Internal auditors can lead the way by communicating the value of analytics and the urgent need to incorporate data into risk management functions within the companies they serve. By embedding advanced data analytics into auditing culture and practices, companies may realize benefits that far outweigh the challenges of initially constructing the program, including a more efficient audit cycle, access to real-time data, and enhanced risk management and decision-making.
InsightBest Bites: December GovCon Lunch & Learn on CMMC, other security rulesBhavesh VadhaniCohnReznick’s December 2019 GovCon Lunch & Learn presented perspectives on DOD’s new Cybersecurity Maturity Model Certification. Click to learn more
Insight6 internal audit areas of focus for 2020George GallingerIn 2020, set resolutions to prioritize internal audit, build out your business plans, and support your long-term objectives. Click to get started.
InsightHow federal agencies can avoid 5 common cyber risksBhavesh Vadhani, Bill Hughes, Deborah NitkaStrong strategies, assessments, trainings, and other measures can help protect government agencies from cyber threats. Here’s where to start.
InsightNot concerned about the CCPA? If you receive Personal Information from California businesses, you probably should be.Alison BirdAs the Jan. 1 effective date of the California Consumer Privacy Act (CCPA) gets closer, don’t make the potentially costly mistake of assuming it doesn’t apply to you. Though the CCPA directly covers entities that collect Personal Information from California consumers, those entities must pass certain CCPA requirements through to their “service providers.” A failure to be prepared for those requirements could put you at a serious competitive disadvantage.
InsightAligning IT risks with Enterprise Risk Management (ERM)An organization’s viability depends more than ever on its ability to maneuver a minefield of emerging risks. That’s a formidable challenge, particularly in an era in which cyberthreats can disrupt operations overnight and prompt a volley of questions from business leaders the next day.