Directions for the Data Analytics Journey

August 2011

Two new publications provide advice for internal audit departments that want to leverage data analysis software to enhance their audit process.

Tim McCollum
Associate Managing Editor

Organizations large and small have long relied on ever-more sophisticated computer systems to conduct business, yet many internal auditors continue to lack the tools and expertise needed to audit and make sense of the constantly expanding glut of financial and operational data. Now two new guides from The IIA and ISACA aim to show practitioners how data analysis software can enhance their audit work. “The results of data analytics can be useful in identifying areas of risk, fraud, errors, and misuse; improving business efficiencies; verifying process effectiveness; and even influencing business decisions,” says Anthony Noble, vice president of IT audit at Viacom Inc. and a member of ISACA’s white paper development team, which recently issued Data Analytics — A Practical Approach (registration required for free download).

Similarly, The IIA’s Global Technology Audit Guide (GTAG) 16, Data Analysis Technologies (free download for IIA members), asserts that data analytics can assist internal auditors in completing their governance, risk management, and control evaluation responsibilities. “By analyzing data within key organizational processes, internal audit is able to detect changes or vulnerabilities and potential weaknesses that could expose the organization to unplanned risk,” note co-authors Altus Lambrechts, internal audit manager–applications and data intelligence with the South African Revenue Service; Jacques Lourens, chief auditor, IT audit with Nedbank Ltd.; Peter Millar, director of technology application at ACL Services Ltd.; and Donald Sparks, vice president, Automation Services. This can ensure that auditors are reviewing “today’s risks — not yesterday’s.” Using the software, auditors can analyze data from multiple sources against control parameters, business rules, and policies to make “fact-based assessments of how well automated controls are working,” the GTAG points out.

Moreover, data analysis technology can enable resource-strapped audit departments to accomplish more than they could using manual techniques. Specifically, the GTAG states, data analytics can give auditors:

Greater productivity and cost savings. Data analytics can improve audit planning, risk assessments, and the depth of audit coverage, enabling audit departments to broaden the scope of assurance activities.
More efficient data access. Auditors can use data analytics to access and query data on their own, rather than relying on IT personnel.
Reduced audit risk. Data analytics can enable auditors to hone their risk assessment and stratify the population.

In addition to describing the benefits and uses of data analytics, GTAG 16 describes the attributes of current data analysis technologies and provides advice for selecting the appropriate software, as well as detailing potential obstacles to deploying the technology successfully, such as poorly defined audit scope, data location and access, data understanding, and data preparation. The guide explains key concepts in nontechnical terms and provides practical examples of how data analytics can be used throughout the audit cycle.

ISACA’s white paper provides additional information for implementing data analysis technology that stresses its usefulness for gaining insight into privacy and data security, improving assurance over data quality, and increasing audit staff productivity. The paper points out that a data analytics plan should focus on the end result by:

Performing ad-hoc analysis in support of targeted risk areas.
Leveraging data analytics within many projects for greater insight.
Moving to repeatable analyses performed periodically on high-risk activities.
Defining success measures along the way.

Data analytics “is a journey through a well-thought-out plan with specific objectives and steps,” Noble explains. These two guides may provide auditors with the directions they need as they set out on that journey.

To comment on this article, email the author at tim.mccollum@theiia.org.

Data Analytics
It is a great article, how ever it would be greater if it was supported with actual statistics on how companies that implementing Data Analytics are performing better plus some live examples on the point factors mentioned above.
Posted By: Ahmed Al Ansari
2011-09-04 2:23 AM

COMMENT ON THIS ARTICLE

Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.

To make something bold:
<strong>Text to bold</strong>

To make something italic:
<em>Text to italicize</em>

To make a hyperlink:
<a href="URL">Text to link</a>