Small datasets for audits: 5 ways to extract value

Is big data more valuable than smaller data? What do we even mean when we ask this question? The thing is, there’s no real definition for either. The term “big data” is now quite dated. It’s been around for nearly…

Crisis as an opportunity for a strategic reset of assurance priorities

Infrequent but significant crises present new challenges for assurance leaders. But with challenge comes opportunity. Opportunity to re-assess how assurance activity is performed and, most importantly, how it can be improved.   Assurance leaders are seldom presented with an opportunity…

Principle 2 – Quality – for data governance within audit

This article focuses on principle #2 – Quality – for governing data within audit. This is the 4th article in this series.  The previous articles: Outlined why the use of data within the IA team should be specifically governed. Provided a point of…

3 key principles for data governance within audit

This article sets out 3 key principles for Data Governance within audit. A core set of guidelines that we, as audit professionals, can check ourselves against in planning for and using data. This is the third article in the series.…

Do you focus on your customer when thinking about risks?

As a business leader, you are risk-aware. You want to innovate to add value, while maintaining compliance. You do this because you want your organisation to succeed, and delight customers. As a risk leader, you have developed business acumen. You want to…

Data in audit – reducing noise, false positives

When using data, one of the main challenges faced by auditors is the volume of exceptions generated. How can we overcome this? Traditional audit sampling typically involves evaluation of between 5 and 50 items; consequently, the number of exceptions doesn’t fall…

Performance Audits – creating and sustaining Public Value

This article is for: Performance Auditors, to help explore their critical role in sustaining Public Value.[1] Internal Auditors, in conducting performance audits i.e., assessing economy and efficiency within their organisations.   Remind me: what is ‘Public Value’?   Progressive organisations recognise the important role…

SAS70 Certification and other common SOC report myths

If you use or plan to use a cloud/SaaS/hosted solution, how do you ensure that the service provider is protecting your systems and data? Rely on their SAS70 reports, right? Not quite. In this article, we explain why this is…

Supply chain risks – brand damage & financial loss

This post originally detailed how contingent resourcing and SEO could damage brands. It has since been expanded, with the update first, followed by the original post.   Update: 24 Sep 2019 If you are listed as a client on a…

Protect against inadvertent privacy breaches

There has been a raft of data breaches over the past few months. Some of those were due to poor controls and/or significant effort by hackers. But some recent breaches have been rather inadvertent. Despite some controls put in place,…

Going beyond the initial remedial action

Management action often focuses on the sample or weakness that audit identified. We call this “remedial action” – but is it really a remedy at all? We must ask: Does the action minimise the risk? And, importantly, if a customer…

Can you survive the damage caused by a spreadsheet model error?

Spreadsheets are often used (and have been for decades) for modelling and analysis, largely because they are easy to use and highly flexible. But what happens when a simple error like cutting-and-pasting the wrong formula, or omitting data in a calculation, ends…

Emerging risks – Artificial Intelligence

When you hear the phrases “artificial intelligence”, “machine learning” or “autonomous systems”, what images do they conjure up? You might be imagining a world with endless possibility. The eternal optimist? Or perhaps a dystopian future – a robotic society. The…

5 challenges to tackle – data in audit

If you are an assurance leader (internal audit/performance audit/risk assurance), you want to: provide assurance to the Board and to management. help maximise value (efficiency, effectiveness, economy) and customer satisfaction. ensure that compliance is maintained. As part of your overall assurance…

Complaints Analytics: generating insights into organisational culture

complaints-analytics

The importance of proper complaints-handling as a measure of a healthy organisational culture has recently been brought into sharp focus in various public inquiries and media commentary. Whether in the public sector, banking industry, dispute resolution or other regulatory oversight…

Repeatable analytics – whose job is it?

Businessman in his office covering his eyes

Over the past few years, and again at the 2018 ISACA conference in Chicago, there have been lots of discussions regarding analytics strategies for internal audit teams. Among the strategies, repeatable analytics (e.g. continuous controls monitoring or CCM) seems to…

Wrap-up: Australian Anti-Corruption Conference 2017

The three day Australian Public Sector Anti-Corruption Conference (APSACC) was hosted by Queensland’s CCC and the New South Wales ICAC in Sydney. Insightful presentations and case-studies from various state, national and international jurisdictions. The highlight for me was the keynote…

Agility in Internal Audit (Part 2)

In Part 1, we outlined our thoughts regarding traditional audit methodologies and documentation requirements, and said that those are being adapted by IA functions that want to remain relevant. We also mentioned our experience with a project that adopted a prototyping…

Agility in Internal Audit (Part 1)

Having recently used an agile (with a small “a”) approach to deliver a risk analytics project to a large customer, we’ve have been thinking about how such an approach could be used by Internal Audit functions. This is not a new concept,…

The regulatory spotlight – ‘the more things change…

Another week surfaces another raft of emerging challenges for our Australian regulators and investigative bodies. At least the burden has been shared among various sectors and, in some cases, more than one regulator from the same industry is getting in…

Integrity and oversight agencies – unravelling their DNA

The existence (or absence) and performance of Australia’s various integrity agencies* is regular fodder for a range of commentators, including academics, lawyers and parliamentarians. Ongoing high-profile conduct issues only serve to heighten public interest. A favourite topic of debate is…

The fraud merry-go-round – can you stay off?

Public sector fraud in the news again in Queensland – a high ranking official was charged with fraud by the CCC and a former public servant was sentenced to jail (wholly suspended) for misappropriating $42k. Fraud is pervasive and there…