control, and governance
Directions for the Data Analytics Journey
Two new publications provide advice for internal audit departments that want to leverage data analysis software to enhance their audit process.
Associate Managing Editor
Organizations large and small have long relied on ever-more sophisticated computer systems to conduct business, yet many internal auditors continue to lack the tools and expertise needed to audit and make sense of the constantly expanding glut of financial and operational data. Now two new guides from The IIA and ISACA aim to show practitioners how data analysis software can enhance their audit work. “The results of data analytics can be useful in identifying areas of risk, fraud, errors, and misuse; improving business efficiencies; verifying process effectiveness; and even influencing business decisions,” says Anthony Noble, vice president of IT audit at Viacom Inc. and a member of ISACA’s white paper development team, which recently issued Data Analytics — A Practical Approach (registration required for free download).
Similarly, The IIA’s Global Technology Audit Guide (GTAG) 16, Data Analysis Technologies (free download for IIA members), asserts that data analytics can assist internal auditors in completing their governance, risk management, and control evaluation responsibilities. “By analyzing data within key organizational processes, internal audit is able to detect changes or vulnerabilities and potential weaknesses that could expose the organization to unplanned risk,” note co-authors Altus Lambrechts, internal audit manager–applications and data intelligence with the South African Revenue Service; Jacques Lourens, chief auditor, IT audit with Nedbank Ltd.; Peter Millar, director of technology application at ACL Services Ltd.; and Donald Sparks, vice president, Automation Services. This can ensure that auditors are reviewing “today’s risks — not yesterday’s.” Using the software, auditors can analyze data from multiple sources against control parameters, business rules, and policies to make “fact-based assessments of how well automated controls are working,” the GTAG points out.
Moreover, data analysis technology can enable resource-strapped audit departments to accomplish more than they could using manual techniques. Specifically, the GTAG states, data analytics can give auditors:
In addition to describing the benefits and uses of data analytics, GTAG 16 describes the attributes of current data analysis technologies and provides advice for selecting the appropriate software, as well as detailing potential obstacles to deploying the technology successfully, such as poorly defined audit scope, data location and access, data understanding, and data preparation. The guide explains key concepts in nontechnical terms and provides practical examples of how data analytics can be used throughout the audit cycle.
ISACA’s white paper provides additional information for implementing data analysis technology that stresses its usefulness for gaining insight into privacy and data security, improving assurance over data quality, and increasing audit staff productivity. The paper points out that a data analytics plan should focus on the end result by:
Data analytics “is a journey through a well-thought-out plan with specific objectives and steps,” Noble explains. These two guides may provide auditors with the directions they need as they set out on that journey.
To comment on this article, email the author at firstname.lastname@example.org.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.