By Richard Arthurs FCPA, FCMA, Partner Enterprise Risk Services at MNP
Internal Audit and Governance Brief (Part 1)
Many internal audit teams across North America were the pioneers of extracting value from data analytics, a process that started decades ago and continues today.
I remember utilizing Audit Command Language (ACL) software over 20 years ago to run data analytics at a global packaged goods company’s world headquarters for a fraud risk assessment in 2002. At the time, no one had any idea what data analytics was, at least until they heard that it led to some very material and real fraud-related findings.
Fast forward more than 20 years, and these data analytics to test scripts, models, and procedures have been adopted by front-line functional business leaders as continuous monitoring tools or controls. The scope of analytics used by corporations today covers more growth-related insight than risk mitigation activity. Also, this does not mean internal audit has relinquished its use of analytics; quite the contrary. Internal audits have ramped up the use of analytics, even if sometimes it repeats the testing done by the business. This is done to provide required independent assurance to the audit committee and often detects risks and control improvement needed due to changes in systems and processes.
Insight from data analytics has been proven to provide great decision support value to many industries, and the internal audit function continues to drive innovation in this space. Analytics has also been very effective in the early detection of red flags and in-depth investigation. Artificial Intelligence (AI) is now greatly accelerating the benefits and risks driven by data.
Opportunities of data analytics in internal audit
Today, internal audit continues to be an innovation engine for the use of analytics. In some industries, such as the financial sector, it has become a support mechanism that is critical to success, such as continuous monitoring of credit card transactions. Imagine if credit card companies did not have the ability to use analytics to provide early detection of fraud. In Canada, fraud victim statistics are growing, and functions like internal audit are leading the charge to remove fraud opportunities.
Here are a few examples of how internal audit and governance leaders should consider using data analytics to drive material value in the organization:
- Risk assessment: Data analytics can help identify patterns, anomalies, and trends in large datasets, enabling internal auditors to assess risks more effectively. By analyzing historical data and identifying key risk indicators, auditors can prioritize their focus on areas with higher risk levels.
- Fraud detection: Data analytics can be a powerful tool for detecting fraudulent activities within an organization. By analyzing transactional data, financial records, and other relevant data sources, auditors can identify irregularities, suspicious patterns, or potential fraud schemes. This can lead to early detection and prevention of fraudulent activities.
- Compliance monitoring: Internal auditors can leverage data analytics to monitor and assess compliance with regulatory requirements, policies, and procedures. By analyzing large volumes of data, auditors can identify non-compliant activities, exceptions, or deviations from established controls and take appropriate actions to address them.
- Continuous auditing: Data analytics enables internal auditors to perform continuous auditing, which involves conducting real-time or near-real-time assessments of financial transactions and operational processes. By analyzing data on an ongoing basis, auditors can proactively identify control weaknesses, errors, or inefficiencies, allowing for timely corrective actions.
- Performance evaluation: Data analytics can assist internal auditors in evaluating the performance of various business units or processes. By analyzing operational data, auditors can identify bottlenecks, inefficiencies, or areas for improvement. This helps organizations optimize their processes, enhance performance, and achieve strategic objectives.
- Data integrity and quality: Auditors can utilize data analytics to assess the integrity and quality of data across different systems and platforms. By analyzing data consistency, completeness, accuracy, and timeliness, auditors can identify data quality issues and recommend measures to improve data governance and reliability. For example, analytics can assess millions of lines of data in minutes to determine completeness or what percentage of the entries/transactions are missing information.
- Predictive analytics: By applying advanced analytics techniques such as predictive modelling and data mining, internal auditors can forecast potential risks, identify emerging trends, and make informed decisions. Predictive analytics can help auditors anticipate future challenges and take proactive measures to mitigate risks. The world is starting to see many new apps and systems that utilize Artificial Intelligence (AI) and Machine Learning (ML) to enhance predictive analytics.
- Operational efficiency: Data analytics can enable internal auditors to identify process inefficiencies, automate manual tasks, and improve productivity. By analyzing data on resource allocation, workflow patterns, and performance metrics, auditors can optimize operations, streamline processes, and enhance efficiency within the audit function.
Already in 2024, it is possible to say that an internal audit function can use data analytics for 100% of all internal audits or advisory and consulting projects if there is available data with integrity. Internal audit can optimize and even automate some activities of finding issues and move towards a proactive assessment of emerging risks to steer the decisions and better prepare organizations.
This article originally appeared in CPA Alberta’s Dividends summer issue. Watch for Part 2 and 3 of the Internal Audit and Governance Brief in future issues of Daily Dividends.
Richard Arthurs FCPA, FCMA is a Partner in Enterprise Risk Services at MNP and MNP’s National Internal Audit Leader based in Calgary. Richard has deep industry experience in the utilities/energy, consumer goods, retail, technology, telecommunications, not-for-profit, and public sectors, and over 30 years of experience assisting complex global organizations with their internal audit, governance, risk management, IT audit, data analytics, ethics, and compliance needs. Leveraging his experience leading internal audit and risk projects in more than 60 countries, Richard has a global perspective on the issues businesses face. He has worked with renowned organizations and has a proven track record of achieving cost-effective, value-added solutions to manage priority risks and improve business processes and controls.
