- Burak Özagazar, CPA, CMA
- E-mail to Burak
In the last decade of the 20th century, a rapid increase in data quantity, reduction in the data storage costs and improvements in the data analysis tools and techniques started to change the way organizations operate.
Effective management and successful adaptation to this change could only be manageable by developing the technical capacity of the existing IT structure. At this point, transition to the synchronized data reporting and using an automation tool of “Enterprise Resource Planning (ERP) systems” become inevitable.
By becoming widespread usage of ERP systems in organizations; data management approaches such as data collection, storage and usage started to be carried out over complex and multidimensional data tables, which also affected and caused radical changes in the field of internal audit assurance activities. At this point, it becomes clear that it is impossible to provide assurance on complex control systems with large volumes of transactions by traditional auditing lacing data-oriented and analytical approaches. It turned out that the detection of management weaknesses and fraud in a timely manner by covering the entire transaction population can only be achieved with data-oriented and automated approaches such as "continuous auditing" and "continuous monitoring".
Why Traditional Internal Audit Approach Become Insufficient in Data Driven Dynamic Environment?
In traditional internal audit approach, collecting and processing the data and reporting phases are conducted manually and subjected to high costs and significant time delays. Furthermore, audits were based on a representative sampling method which may not ensure success to detect all relevant audit findings.
Even if we assume that all relevant findings are detected by a representative sampling, traditional internal audit activities are performed periodically for a specific cycle such as order to cash, purchase to pay and etc, which may cause a time lag between “the leakage occurrence” and “detection”. Considering the damage/loss may increase depending on the prolonged detection time, early detection plays a vital role.
Through data-driven approach, collecting and processing the data and reporting phrases can be conducted on time with significantly reduced costs and a hundred percent population coverage.
Power of Dynamic Data-Driven Analytics in Internal Audit
The power of data driven dynamic analysis makes it possible to conduct continuous auditing and monitoring techniques in internal audit.
Once the audit queries are properly established based on the relevant audit scenarios, manual controls are replaced with automated controls through “continuous auditing” and “continuous monitoring”. Analytical tools can automatically pull the data from internal and external sources to reveal the hidden patterns and data correlations, allowing audit team to use its limited resources focusing on exception reports and red flags where human judgment is required. This approach can be repeated continuously on a defined frequency to identify control issues on a real time basis with minimized costs.
In “continuous monitoring” method, management or other users do not need to run a report to analyze the insights. The requested information and analysis results are reported on a real time basis in the format of dashboards, according to the designed dynamic audit queries.
Steps to Consider for Data-Driven Internal Audit Function
Resistance to change is a universal phenomenon. Despite the many potential benefits of data-driven approach, recent surveys indicate that approximately 75 percent of the companies have no formal analytic approach yet, and only 5 percent of the companies continuously use control monitoring tools and improve their analytical processes and procedures accordingly.
The top barrier to implementation of big data analytics is inadequate staffing or skills for big data analytics (Source: The Data Warehousing Institute (TDWI)). It is obvious that the idea is not to try to change the world overnight. The process will be intensive and ongoing. Internal auditors first need to become proficient in using analytics software and performing analysis and only after that they can apply data-analytics methods to deliver their internal audit projects.
Applying data-analytics to deliver internal audit projects starts with properly defined objectives which are aligned with the company strategy and governance. Change management, validation, access, data security, tool selection, initial and ongoing costs, data considerations (availability, accessibility, quality, format, storage, etc.) are critical considerations of strategy and governance.
Integrating data analytics into internal audit requires a comprehensive and sharp change in culture and the internal audit approach, but in return, it maximizes its ability to continuously monitor the key risks through an improved speed, accuracy and effective cost management.
The title of this article refers to a metaphor that comes from the act of sharpening knives. You sharpen a knife when it's dull to make it perform better. Referring to this metaphor, you can restructure your traditional internal audit function by implementing data analytics to respond risks better.
Don't you think it is time to keep up with the change for an effective assurance environment at your company