Risk Insights Blog

Looking for Something?

Search for posts and comments here.

Audit analytics - reducing noise and false positives (Part 2)

#4. Internal Audit analytics - reducing noise and false positives - a contemporary approach (Part 2)

Part 1 laid out an approach to reducing false positives. Let's delve a bit deeper.


Some of the organisation's customers have multiple product specific accounts, and customers can combine (link) those, saving money through consolidation but without losing the varied functionality provided by the individual products. This is popular within the industry, as the saving is not trivial, but the linking can easily fail due to the associated level of system/process complexity. There has been a fair level of regulatory (and media) attention to such failures over the past few years, with hefty infringement penalties and costs.


The organisation's Internal Audit function is relatively small, with fewer than ten FTE, but progressive, punching significantly above its weight, and respected by stakeholders. The team decided to take a data driven approach to reviewing a certain category of products, opting to cover the full population of related accounts for ~16 months.


An open source tool was used to analyse various data sets, including:

  • customer master
  • account master
  • account linkages
  • transactions
  • CRM (free text)

(Because the CRM data was primarily free text, we used a set of natural language processing techniques, providing a level of structure, and then blended the processed data with the other structured data sets).


To put the exercise into perspective, the analysis included > 750 million source records.


With the data in a format that could be used easily, we performed several analyses. One of those was related to account linkage - identifying expected/potential account links and comparing those to the actual links that had been setup. The number of raw exceptions generated from this was significant - too many to investigate manually, and we expected that many of them would be false positives.


The next post explores a traditional approach to dealing with this problem - outlining why that wouldn’t work in this case and then explaining the resolution.


This article is part of the assurance analytics series.


Go to the Assurance Analytics Guide

Fin Services Public Sector Assurance / Audit Analytics