In the past few years, big data and data analytics have become buzz words in nearly all business settings. Experts estimate that there will be 35 trillion gigabytes of stored data in the world by 2020. Many organizations have been reacting quickly to the big data growth trend by increasing the capacity for reporting on the information and analyzing the data. The biggest strides in reporting have come from joining various data sets of related information to find correlations that lead to predictive analyses. An entire industry has sprung up around the concept of leveraging all of the collected information to gain strategic business intelligence. In fact many colleges and universities now have graduate programs dedicated to business intelligence.
Given there is now so much more data at our disposal, and there is an increase in the education available on how to use the information, we need to understand how auditors can take advantage of this new data saturated environment. In this article, we revisit the way in which auditors have treated data analytics in the past, discuss how data analytics have evolved to the present, and explore the future of this trend in the audit practice.
Internal Audit's Relationship to Data Analytics
The idea of using available data from a variety of sources is not new to internal auditors. Auditors are taught how to identify patterns and analyze data using methods ranging from simple trend analysis to more advanced regression analyses. Most of this work is commonly performed using Microsoft Excel’s native functionality.
Some audit departments have been able to take the next step and use more advanced tools. Software tools such as ACL and IDEA are used to extract data from other systems and run data analysis routines against this information. These types of systems require specialized knowledge gained through intensive training sessions. More advanced technologies are successfully used by data specialists, but The Institute of Internal Auditors (IIA) recommends use of data analytics across all levels of the audit staff and in all audits. Specifically, GTAG 16 - Data Analysis Technologies recommends that “members of the internal audit team will have a general understanding of data and data analysis software, and will have sufficient competency to review and interpret the results of automated analytic routines and perform simple analysis (sorting, filtering, grouping, and profiling)” (page 14).
Using Analytics in Audit Testing
Organizations like The IIA and The Association of Certified Fraud Examiners (ACFE) have long advocated the use of data analytics in all applicable audits and investigations. The recent updates to the COSO Control Framework have likewise focused more on fraud awareness and risk assessment than in the past, leading to an increased need for data analytics. While internal auditors may generally associate data analytics with fraud testing, aspects of a large financial audit, or with continuous monitoring, there are many other common audit tests that lend themselves to the use of analytics. In fact, data analytics can be used for much more than common analytical procedure testing only. Data analytics can add depth to controls testing, substantive testing of transactions, and detailed balance testing. For example, when reviewing large data sets of expense transactions, auditors are often testing for items such as transaction approval over a certain threshold, transactions posted at unusual times or dates, duplicate transactions, or performing a Benford test or cut off analysis. These procedures that would otherwise take days to test manually can be performed in minutes using an analytics tool. Testing with a data analytics tool also allows the auditor to review the entire population instead of a sample. Data analytics can also be used when testing IT Controls related to COBIT, FISCAM, NIST 800-53, or any other framework based testing, such as testing for appropriate system access, which can be performed in a matter of minutes by comparing complete, current user provisioning details to current university staff rosters.
Increasing Effectiveness for Auditors
The new generation of auditors has a completely unique perspective on technology and information. As audit departments onboard the incoming class of new hires, we have the opportunity to quickly increase the level of technology skill on staff. The new generation has grown up with near constant access to laptops, smart phones, the internet, and basic computer science education. It is definitely in everyone’s best interest to take advantage of what is considered a basic skill for the younger generation. One way to accomplish this is to allow new staff to take the lead in data analytics initiatives under appropriate supervision. Whether this is done with native Excel tools, advanced software packages like ACL, or Excel expansion software solutions like TeamMate Analytics, the learning curve for implementing data analytics with technologically savvy younger auditors may be drastically reduced, and the overall effectiveness of our audit departments will increase.
Toby is a Certified Internal Auditor (CIA) who holds an MBA with an Internal Audit specialization from Louisiana State University. He is also certified in Control Self-Assessment (CCSA), Risk Management Assurance (CRMA), Internal Control (CICA), and Fraud Examination (CFE). His professional background includes identification and documentation of weaknesses that result in heightened business risk, while recommending solutions to such situations. Toby began his career in internal audit with Macy's Inc. He then worked as an implementation and training consultant for Wolters Kluwer. As a Senior Market Development Consultant at Wolters Kluwer, Toby works with organizations that are looking for software solutions to their audit, risk and compliance needs.
Throughout his career, Toby has assisted numerous internal audit departments create, perform, and supervise financial, operational, and compliance audits to evaluate control frameworks, financial systems and operating procedures.