Risk Insights Logo

Internal Audit's use of data - yes, it does go beyond CAATs / basic rules

July 30, 2017

Internal auditors have used Computer Assisted Audit Techniques / basic rules to identify duplicate invoices, payments and payroll transactions for some time.

While these techniques have helped identify errors in transaction records, the expectations and mandates of Internal Audit functions continually evolve.

Surveys of key stakeholders globally have highlighted that businesses are expecting internal audit, as their third line of defence, to focus on higher order risks - those related to objectives and strategy.

At conferences over the past few years, there has been an increase in presentations on data and "analytics".

If someone outside of the profession listened to the discussions, they would be forgiven for thinking that IA hasn't made much progress, apart from enhanced visuals and dashboards.

Is that the reality?

Fortunately, this is not the case.

There are a number of IA teams that are using newer approaches in the conduct of their analytics work. This includes:

  • text analytics: analysis of text (structured & unstructured), including NLP (natural language processing)
  • similarity searches / "fuzzy" matching
  • machine learning: e.g. supervised predictive models to help reduce false positives, and provide better outcomes than traditional sampling

This expands the range of questions that can be answered / risks that can be identified; they are useful regardless of the volume of data that you need to analyse, but are particularly useful when you need to (or want to) crunch through large sets of data.

Some teams are looking at hundreds of millions of records within individual audits

Expanding the range of techniques used has helped them with processing (i.e. making the analysis possible, without noise). Importantly, they have been able to produce high-value, tangible insights and outcomes; often helping to surface customer service issues, revenue leakage and unnecessary expenditure.

The techniques outlined earlier help solve specific challenges and are not simply all thrown in to prove or disprove every hypothesis.

If used appropriately, they can help improve audit quality, efficiency and effectiveness - providing additional value to stakeholders.

Share this article

Get more insights like this

Blog Post
The Assurance Blog
March 3, 2022

Data in Audit Guide

Read article
Blog Post
The Assurance Blog
December 16, 2021

The Data-Confident Internal Auditor: Software

Read article

Subscribe to our mailing list

Get notified by email about new blog posts and podcast episodes by the Risk Insights Team.