Heard of the famous quote “In God we trust, all others must bring data” by William Edwards Deming? Today is a data driven world. Organizations across the world are accumulating large volumes of data over the years, which can be used effectively to derive business insights. The power of analytics has transformed the way we do Internal Audit today.
Why do you need analytics in Internal Audit?
A simple definition of Data Analytics is that it is the science of mining through the raw data to derive better deeper insights from the data. This helps the management in taking proactive and informed decisions rather than being reactive to the business situations.
Using data analytics helps in Increased Risk Assessment accuracy by testing 100% transactions instead of a random sample, thereby providing greater coverage. It enables Periodic Monitoring of Risk and Controls across global operations and also helps expedite fraud detection. The auditor can reduce the time spent on lower risk and less complex areas and deploy the resources to high risk areas, thereby leading to greater value add to the organization.
IA that focuses on the traditional ‘what-could-go-wrongs’ and random sample testing might miss critical areas and fail to identify the key business issues. Analytics driven approach can help an auditor overcome this by examining the entire set of data using various analytics techniques and statistics thereby identifying all the potential exceptions/ outliers and discern relationships, patterns and correlations that could not have been identified before using the traditional approach.
How to embed analytics to transform Internal Audit for high performance?
To achieve maximum benefits from the data analytics, it is essential that every Internal Audit has analytics as a default component, where the analytics program is designed, planned, staffed, modelled and governed to overcome barriers from the start. Analytics is a key element in every stage of IA Lifecycle (from Risk Assessment to Reporting and Monitoring).
Successful integration of analytics requires the internal auditor and the analytics specialist to collaborate and understand the business process and the underlying risks and controls. Analytics tests should be designed in accordance with the key risks/ concern areas of the business. Appropriate analytics tools should be used to setup, develop scripts for the analytics tests designed for periodic monitoring of risk and controls. The nature of the analytics projects could be one time or repeatable.
Use cases of analytics in IA:
There are many organizations today that have changed their approach for Internal Audit. Here are some of the use cases where analytics has played a key role.
Periodic monitoring is a key focus area for most IA functions which enables the auditors and management to get insights into the efficiency of the process and IT controls in place. Some of the aspects included in an Accounts Payable process can be on duplicate payments, 3-way match between invoices, goods receipt and purchase order, segregation of duties in the AP function.
Other slightly more complex use case for analytics can be a transportation review where there are millions of trips which are analyzed to identify potential duplicate payments, occupancy analysis, potential back to back trips, trip avoids, same employee scheduled on multiple trips, duplicate employees on the same trip etc. Analytics can also be used for quantifying the potential recovery opportunity with the service provider for duplicate, over payments and fraudulent transactions.
Analytics can be helpful in Risk Assessments for identifying the high risk accounts from the financials based on certain defined criteria or identifying the business units or entities that needs to be audited. Advanced analytics can also be used for Risk Assessment such as predicting shrinkage value of inventory by retail store and selecting the stores that need to be audited based on the those outlets having high predicted shrinkage values.
With the objective of bringing in efficiency in the way we do audits and enable periodic monitoring, we have developed an automated module called the IA Analyzer for processes such as Procure to Pay, Order to Cash, Record to Report, HR & Payroll, Travel & Expense, Fixed Assets and Inventory which has a standard test library for each of the process. The flexibility is given to the users to pick and choose the tests they want to run and the results are presented in an interactive dashboard.
Where is your IA Function on its analytics journey?
Here are some of the key questions which can help you to assess the current maturity level of the organization in embedding analytics in IA.
- What role does innovation and continuous improvement play in your IA culture?
- Do you have a defined governance model and strategy in your organization?
- How are you aligning your function’s capabilities and talent to keep pace with the explosion of data in your organization?
- How does your IA methodology incorporate analytics?
- To what extent are you managing data throughout the IA lifecycle?
- To what extent do you rely on information and analytics from the business to identify risk?
Analytics can be used for basic data profiling; exploratory analytics can be further used for complex tasks such as finding the root cause analysis or hypothesis testing and advanced analytics such as predictive modelling and forecasting. It depends on the maturity level of the organization and their vision to transform the IA Function from a compliance officer to a strategic and value advisor.
Shankari Raman, Senior Manager, Analytics practice – EY India Advisory has also contributed to this blog