According to a new white paper, data analytics is becoming a game changer for the internal audit profession. However, as current maturity in data analytics in auditing is still low, many companies still have a long way to go before they can get the best from the innovative technology.
The ability to utilise data analytics and “big data” to achieve a competitive advantage and manage operations and strategic plans ranks among the top risk issues for board members and C-suite executives worldwide. In combination with an ever growing set of demands from boards and executive management for deeper insights into strategic risks, analytics and robotics are top priorities for chief audit executives looking to offset the mounting workload of themselves and their teams. By leveraging effective data analytics strategies, a business can boost efficiency, while improving the quality of evaluation risks and controls receive, as well as placating stakeholder scrutiny.
Data analytics can be applied across three key areas. In terms of planning, it can be used for effective risk profiling, the testing of data via simulation, and statistical sampling. Data analytics can also enhance the execution of audits – providing quick and effective monitoring of continuous controls, keeping watch for indications of fraud (which cost UK firms alone over £2 billion last year), recognising patterns to anticipate future risks, and control simulation. Finally, it can enhance reporting of risk quantification, real-time exception management, and root cause investigations, to provide better understanding of how to avoid future breaches.
Data analytics is subsequently gaining a growing foothold in internal audit. According to a recent report, two out of three departments now utilise the technique as part of their internal audit process, seeking valuable improvements, efficiencies and insights buried within internal workflows and cultural habits. At companies where data analytics is a dedicated part of the governance (i.e. a separate team or function), the growth in demand was significantly higher, at 80%, with an 11% higher percentage score for ‘significant increase’.
According to a new report from consulting firm Protiviti, however, despite the potential of data analytics, due to the nascence of the technology which remains in a phase of rapid development, many of its applications remain untapped. In line with this, the use of analytics in auditing remains in its early stages, as the maturity of using analytics in the audit process remains relatively low.
Partially this is likely due to the fact that many firms are fundamentally not ready for full leveraging of data analytics. While 76% of organisations in Asia Pacific and Europe currently employ data analytics in their auditing efforts, only 59% and 58% respectively believe the data available to be analysed is up to scratch. The gap is even more pronounced in the US, where while 63% of entities use data analytics in their auditing process, 28% said the data available was of high quality.
Protiviti’s researchers believe that another reason why firms are not fully realising the potential of data analytics could be that many audit functions are likely using analytics tools as point solutions as opposed to part of broader initiatives to leverage analytics throughout the audit process. In order to work toward improving the current situation, the consulting firm set out a ten-point programme for Chief Audit Officers to follow, in order to get the best from data analytics in auditing.
1. Chief Audit Officers should recognise that demand for data analytics in internal auditing is growing across all organisations and industries. This trend is poised to continue as more organisations undergo business and digital transformation initiatives and employ robotic process automation (RPA) strategies, in part due to the growing regulatory burden placed on organisations to weed out fraud via the use of analytics.
2. By seeking out opportunities to expand internal audit’s knowledge of sophisticated data analytics capabilities, Chief Audit Officers can ensure that the organisation has a more comprehensive and precise understanding of what is possible with analytics, what similar organisations are doing with analytics, as well as what progress is needed to advance these capabilities.
3. Conducting even modest demonstrations of analytics capabilities that can set an influential tone are positive steps toward building a stronger internal audit data analytics function. Chief Auditing Officers can use this strategy to boost organisational understanding of budget and resource constraints, along with business-as-usual workloads, and how they can limit their internal audit team’s ability to optimise data analytics efforts.
4. In comparison with other organisations, those with analytics champions and dedicated analytics functions in place see data analytics deliver more value, experience higher demand for their analytics services and obtain better access to higher-quality data. Chief Auditing Officers should also consider the use of champions to lead the analytics effort and, when appropriate, create a dedicated analytics function. Having champions could help organisations to bridge the gap between the analytics function and operational auditors. It also encourages the use of analytics, including basic usage by the whole team.
5. As many of the current problems with leveraging data analytics currently revolve around the quality of data available, Chief Auditing Officers should explore avenues to expand internal audit’s access to quality data. They should also implement protocols (including those related to completeness, conformity, data quality and reliability) which will govern the extraction of data used during the audit process in future.
6. On top of this, Chief Auditing Officers must identify new data sources, both internal and external, that can enhance internal audit’s view of risk across the organisation. This can ensure that the organisation will be able to supplement data analytics procedures with a supply of quality data.
7. Chief Auditing Officers would also benefit from increasing the reach and usage of continuous auditing and monitoring to perform activities such as monitoring fraud indicators, KRIS in operational processes and information used in the leadership team’s strategic decision-making activities.
8. By leveraging continuous auditing, develop real-time snapshots of the organisation’s risks and incorporating results into a risk-based audit approach that is adaptable and flexible enough to focus on the highest areas of risk at any point in time, Chief Auditing Officers could further boost their data analytics maturity.
9. Chief Auditing Officers should seek ways to increase the level of input stakeholders provide when building and using continuous auditing tools and when determining what data should be monitored by these tools. While many different stakeholders have important insights to help determine areas of focus, it is key that the effort is focused on building tools that internal audit can leverage to monitor risk in the business.
10. Finally, Chief Auditing Officers can implement steps to measure the success of your data analytics efforts, and also consider the most effective ways to report success and value to management and other key stakeholders. Internal audit groups which successfully demonstrate tangible value are the ones which build a stronger business case for increased budgets and resources dedicated to a data analytics function, as well as underscore throughout the organisation the importance of analytics. In the process, this can also boost the internal audit department’s reputation from within.