Risk Insights Blog

Looking for Something?

Search for posts and comments here.

file (21)

Internal Audit analytics - yes, it does go beyond CAATs / basic rules

If you work within internal audit, you or someone in your team will have been using Computer Assisted Audit Techniques / basic rules to identify duplicate invoices, payments and payroll transactions for some time.


While these techniques have helped identify errors in transaction records, the expectations and mandates of your Internal Audit function continually evolve.


Surveys of key stakeholders globally have highlighted that businesses are expecting you, as their third line of defence, to focus on higher order risks - those related to objectives and strategy.

At a recent global IIA conference, there were a few presentations on data and analytics.
If someone outside of the profession listened to the discussions, they would be forgiven for thinking that IA hasn't made much progress, apart from enhanced visuals and dashboards.


Is that the reality?


Fortunately, this is not the case.


There are a number of IA teams that are using newer approaches and techniques in the conduct of their analytics work. This includes:

  • text analytics: analysis of text (structured & unstructured), including NLP (natural language processing)

  • similarity searches / "fuzzy" matching

  • machine learning: e.g. predictive models to help reduce false positives, and provide better outcomes than traditional sampling

This expands the range of questions that can be answered / risks that can be identified; they are useful regardless of the volume of data that you need to analyse, but are particularly useful when you need to (or want to) crunch through large sets of data.


Some teams are looking at hundreds of millions of records within individual audits.


Expanding the range of techniques used has helped them with processing (i.e. making the analysis possible, without noise). Importantly, they have been able to produce high-value, tangible insights and outcomes; often helping to surface customer service issues, revenue leakage and unnecessary expenditure.


The techniques outlined earlier help solve specific challenges and are not simply all thrown in to prove/disprove every hypothesis.


If used appropriately, they can help improve audit efficiency and effectiveness - providing additional value to stakeholders.


Have you used any of these or other contemporary techniques in conducting analytics for your internal audits?



This article is part of the assurance analytics series.


Go to the Assurance Analytics Guide

Fin Services Public Sector Assurance / Audit Analytics