Updated: 2 days ago
As an internal auditor, you or someone in your team will have been using Computer Assisted Audit Techniques / basic rules to identify duplicate invoices, payments and payroll transactions for some time - they first appeared more than a decade ago.
While these techniques have helped identify errors in transaction records, the expectations and mandates of your Internal Audit function is evolving. Recent surveys of key stakeholders globally are highlighting that businesses are expecting you, as their third line of defence, to highlight risks to objectives and strategy.
At a recent global conference, there were a few presentations on data and analytics.
If someone outside of the profession listened to the discussions, they would be forgiven for thinking that IA hasn't made much progress, apart from enhanced visuals and dashboards.
Is that the reality?
Fortunately, this is not the case.
There are a number of IA teams that are not dissimilar to yours, using newer approaches and techniques in the conduct of their analytics work. Some of the techniques in use are:
text analytics: analysis of text (structured & unstructured), including NLP (natural language processing)
similarity searches / "fuzzy" matching
machine learning: e.g. predictive models to help reduce false positives, and provide better outcomes than traditional sampling
Using these techniques expands the range of questions that you can answer / risks that you can identify; they are useful regardless of the volume of data that you need to analyse, but are particularly useful when you need to (or want to) crunch through large sets of data.
Some teams are looking at hundreds of millions of records within individual audits.
Expanding the range of techniques used has helped them with processing (i.e. making the analysis possible, without noise). Importantly, they have been able to produce high-value, tangible insights and outcomes; often helping to surface customer service issues, revenue leakage and unnecessary expenditure.
The techniques outlined earlier help solve specific challenges and are not simply all thrown in to prove/disprove every hypothesis.
If you use them appropriately, they can help you to improve the efficiency and effectiveness of your audits, and also help your team to provide additional value to your stakeholders.
Have you used any of these or other contemporary techniques in conducting analytics for your internal audits?