Implementing Analytics to deliver Internal Audit

“I do not believe you can do today’s job with yesterday’s methods and be in business tomorrow,” Nelson Jackson, automobile pioneer

The availability of large volumes of data is changing the way organizations look at most of their business processes and functions. In the context of internal audit (IA) also, new ways are coming up to utilize the power of analytics. To stay competent and ahead of the curve, the organizations should ask themselves the following questions — Is their organization still relying on traditional methods for its IA process? Does their IA methodology incorporate analytics? If yes, to what extent?

Advantages of using analytics over the traditional approach for IA

  • Analytics enables repeatability of standard tests across processes such as procure-to-pay, order-to-cash, record-to-report, HR and payroll, travel and expense etc., which reduces the overall IA effort by 20%–25%.
  • The traditional approach uses random sample testing to identify data discrepancies. However, an analytics-driven approach provides organizations 100% coverage of their data set, thereby identifying all potential exceptions/outliers and providing higher confidence.
  • Analytics provides an organization the ability to quantify the actual impact of exceptions rather than extrapolation based on sample testing.
  • Analytics enables continuous auditing of critical internal controls leading to an early detection of the problem and hence, devising early solutions.

Evolving role of analytics-led IA: from compliance to strategic and value-advisor

The use of analytics by internal auditors extends beyond the ability to develop continuous audit scripts. In fact, auditors can leverage advanced analytics tools and techniques to expand audit coverage.

Analytics

 

Here are some examples/ use cases for advanced analytics in IA across its life cycle:

  • Risk Assessment: Improving risk assessment process is one of the top priorities for IA Functions today. But how do we do this? How do we enhance the ability to monitor emerging risks?

There are several examples showing how IA Functions can do this using analytics. In an audit where the objective is to test internal controls over financial reporting, analytics enables identification of risky transactions and potential risky accounts based on certain parameters and weights defined for critical indicators. By doing this, auditors can develop a risk based audit plan for testing these accounts and transactions in detail, along with the controls over such activities.

Another example is to use fuzzy logic to test for conflict of interest between employee and vendor masters or employee and customer masters. Parameters such as name, address, phone number, bank account number, PAN can be tested for 100% match as well as a similarity of 80% or 90% can also be set to identify similar matching records.

  • Audit Execution: Organizations can use analytics to test the statistical significance of an audit finding and the root cause of the issue. For instance, high attrition rate is a common issue noted in many organizations. Using advanced analytics such as regression, the IA Function can identify the various factors that impact attrition such as gender, work location, home location, education qualification, reporting manager, division etc. Identifying the root cause of the issue provides more value add to the management and helps in re-hashing the recruitment/ retention policy of the organization, thereby the IA Function is seen as a strategic advisor to the management than just a compliance officer.

Analytics can be used to identify patters and trends in the transaction data and identify anomalies and outliers. For instance, while reviewing the logistics transactions vis-a-vis their contracted rates, a distribution of the transactions across their weight buckets could show concentration of transactions in a particular weight bucket which provides maximum billing rate for the service provider. This could help Auditors identify potential manual interventions in invoicing by the service providers and identify recovery opportunities for the management (including instances such as duplicate payments, over payments etc.).

  • Communication and reporting: Many a times, auditors are asked to make a judgment on various business situations. In the organizational set ups, different C-suite executives have different opinions on what is working well and what is not working well for the organization, based on their experience and functional roles. For example, consider a situation where the CEO of an organization makes a statement that the company was unable to achieve its target due to lack of resources at the right time. Therefore, it puts the onus on the HR department that it has not functioned at its expected service levels. Such scenarios can be tested using advanced analytics and enable the management in taking corrective actions.

With the evolving skillset through analytics, the role of IA is shifting from value preservation to value creation. Is your organization there yet?

Shankari Raman, Senior Manager, EY Advisory Services has also contributed to this article.

For more, follow us @EY_India

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s