Within assurance functions or for specific assurance projects, using data can help improve effectiveness and quality.
There is certainly an efficiency angle too – this article explains how using data can help with efficiency.
This guide is designed specifically for internal auditors, performance auditors and other assurance professionals.
If you lead an assurance function or you lead the use of data within assurance projects, you will consider:
If you are starting to use data, or you want to enhance your approach, start with this article: common challenges.
If you are looking for how to approach the use of data – how specifically to scope and plan the use of data, how to determine what to profile and what to test, this article outlines four of the more common approaches.
These articles outline considerations for oversight of the use of data within assurance functions.
#1: Why audit functions need to consider specific approaches to data governance (within the audit team).
#2: Whether access to data within the audit team should be open (access for all) or closed (access only as needed).
#3: Three key principles for governing data within IA; Principle 1: Access – detailed.
#4: Principle 2: Quality.
One aspect of the use of data within audit has changed over the past few years.
There has been a shift from bottom up thinking to an objectives based approach. What is the problem that needs to be solved?
The traditional, easy way, is to start with a library (a list of rules based analytics routines), but that won’t help to properly achieve the assurance or value delivery goals.
Assurance professionals (typically) have a unique perspective across multiple functional areas.
Access to each business unit / department = potential to look into matters across the organisation.
So consider the organisation as a whole in scoping the data work to conduct.
Customers don’t care which part of the organisation is involved in providing a product or service to them, they care only about the service. Use customer feedback/complaints data if you can – there are several benefits.
The Board won’t (or shouldn’t) be as concerned with which department you have reviewed, as they are (or should be) with what the potential risks and opportunities are. So you need to look across functional boundaries.
How can the story best be told? It could be function specific, but this is often not enough.
Some of the key points to consider in planning your assurance data project / activity include:
This process and methodology is specifically for assurance projects – internal audit and performance audit.
Key points to note:
Data can help make reporting more efficient – as outlined in this article.
In finalising an audit, where management actions (a.k.a. management comment, remedial actions) are being prepared, you can use data to help go beyond that remedial action.
More on reporting coming soon. Contact us for early access.
Deliberately the last item in this topic – because it should not drive the approach.
It is still important, though. This article outlines the minimum set of software and considerations for selection.
Tools don’t have to be costly. This article debunks 3 common myths associated with open source software.
Most importantly, avoid “audit analytics” software. More on this in Episode 18 of the Assurance Show (podcast).