By ACL Insider
ACL’s Peter Millar and Steve Biskie hosted a 60-minute webinar yesterday on the 5 Best Practices of World-Class Audit Shops. Peter and Steve have spent many years working closely with audit departments of all sizes who add incredible value to their organizations and have seen the following themes emerge:
World-class audit teams:
You can view the webinar and download the presentation here.
Attendees posed a number of interesting questions at the conclusion of the webinar, including this one from Zaid:
Could you share some examples of metrics used by audit shops to measure performance?
We figured this response from Steve was definitely worth sharing on the blog:
The metrics an organization uses to measure success largely depends on their strategy, which can vary widely.
An organization that wants to use analytics to provide better coverage (e.g. 100% testing instead of sampling), will often measure coverage-related items like % of transactions flowing through particular accounts that have been analyzed (particularly interesting when compared to that same % in a sampling approach), # or % of key systems where direct data access has been obtained, % of audits or business processes with a semi-robust set of tests.
An organization that wants to use analytics to improve audit efficiencies will often track things like the time it takes to do audits. This one can be a bit trickier to measure as the first time you audit using analytics there is some one-time effort that needs to be considered (access and understanding data, for example), but that doesn’t need to be a recurring effort if the process has been automated. The other consideration when measuring efficiencies is that it may be useful to break the audit time down into specific components and measure the delta against those, instead of looking at the aggregate amount of time to perform an audit. For example, organizations that do analytics well may actually find that their audit planning time increases slightly (primarily because analytics are helping them more intelligently determine where to focus), but the testing time decreases dramatically (since a lot is now automatic). That then can allow more time for analysis and interpretation of results than may have been used in the past.
Organizations where compliance or fraud detection are the primary drivers of analytics would have their own set of metrics customized to those goals.
Other metrics I’ve seen can include things like:
Find out more: ACL Blog