The Data-Confident Internal Auditor: A Practical, Step-by-Step Guide
By Yusuf Moolla and Conor McGarrity
()
About this ebook
The Data-Confident Internal Auditor demystifies the use of data in internal audits through practical, step-by-step guidance. With concepts and tools that are easy to understand and apply, this comprehensive guide shows you how to approach data yourself, without having to wait on data scientists or technical experts.
Developed over the course of hundreds of actual audits, these real-world approaches and practices are distilled into a simple sequence of steps that will leave you feeling confident and even eager to apply them for yourself. Pick up The Data-Confident Internal Auditor and start building your data skills today.
Related to The Data-Confident Internal Auditor
Related ebooks
COSO Internal Control A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsCOSO ERM A Complete Guide - 2021 Edition Rating: 5 out of 5 stars5/5Internal Audit 101: A Six Step Guide for New Entrants Rating: 0 out of 5 stars0 ratingsAnalytics and Business Intelligence A Complete Guide Rating: 0 out of 5 stars0 ratingsCFO A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsFraud Risk A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsSarbanes Oxley Internal Controls A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsInternal Controls A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsPredictive Business Analytics: Forward Looking Capabilities to Improve Business Performance Rating: 0 out of 5 stars0 ratingsTranslating Operations into Money: Cases in Business Management Rating: 4 out of 5 stars4/5Enhanced Enterprise Risk Management Rating: 0 out of 5 stars0 ratingsForensic Accounting and Fraud Investigation for Non-Experts Rating: 0 out of 5 stars0 ratingsOperational Risk Modeling in Financial Services: The Exposure, Occurrence, Impact Method Rating: 0 out of 5 stars0 ratingsBalance Sheet Pocketbook Rating: 0 out of 5 stars0 ratingsCreating and Maintaining Resilient Supply Chains Rating: 0 out of 5 stars0 ratingsKey Performance Indicators: Developing, Implementing, and Using Winning KPIs Rating: 0 out of 5 stars0 ratingsButterworths Financial Services Compliance Manual Rating: 0 out of 5 stars0 ratingsA Practical Guide to Analytics for Governments: Using Big Data for Good Rating: 0 out of 5 stars0 ratingsSWANSON on Internal Auditing: Raising the Bar Rating: 5 out of 5 stars5/5Purchasing, Inventory, and Cash Disbursements: Common Frauds and Internal Controls Rating: 5 out of 5 stars5/5COSO A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsAudit Data A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsRisk Appetite And Risk Tolerance A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsStrategic Analytics: Advancing Strategy Execution and Organizational Effectiveness Rating: 0 out of 5 stars0 ratingsControls, Procedures and Risk Rating: 0 out of 5 stars0 ratingsPrivacy Impact Assessment A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsProject Profitability: Ensuring Improvement Projects Achieve Maximum Cash ROI Rating: 0 out of 5 stars0 ratings
Auditing For You
Exposing Fraud: Skills, Process and Practicalities Rating: 4 out of 5 stars4/5(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide Rating: 3 out of 5 stars3/5Auditing For Dummies Rating: 4 out of 5 stars4/52022 Best Ways To Make Money Online Rating: 4 out of 5 stars4/5The Prosperity Bible Rating: 5 out of 5 stars5/5Fraud Prevention Rating: 5 out of 5 stars5/5Internal Controls: Guidance for Private, Government, and Nonprofit Entities Rating: 0 out of 5 stars0 ratingsMadoff Talks: Uncovering the Untold Story Behind the Most Notorious Ponzi Scheme in History Rating: 4 out of 5 stars4/5Financial Statement Fraud: Prevention and Detection Rating: 0 out of 5 stars0 ratingsThe Internal Auditing Pocket Guide: Preparing, Performing, Reporting and Follow-up Rating: 0 out of 5 stars0 ratingsA Guide to Forensic Accounting Investigation Rating: 4 out of 5 stars4/5Bribery and Corruption Casebook: The View from Under the Table Rating: 0 out of 5 stars0 ratingsTax Cuts and Jobs Act: The Complete Bill Rating: 0 out of 5 stars0 ratingsConstruction Contractors: Advanced Issues Rating: 0 out of 5 stars0 ratingsAuditing Your Human Resources Department: A Step-by-Step Guide to Assessing the Key Areas of Your Program Rating: 0 out of 5 stars0 ratingsBrink's Modern Internal Auditing Rating: 0 out of 5 stars0 ratingsAmazon Echo: The Ultimate Guide to Setting up and Maximizing Your Smart Home hub Rating: 0 out of 5 stars0 ratingsCrunch Time - CPA Firm Survival in a Predatory Environment Rating: 4 out of 5 stars4/5Trade-Based Money Laundering: The Next Frontier in International Money Laundering Enforcement Rating: 0 out of 5 stars0 ratingsLean Auditing: Driving Added Value and Efficiency in Internal Audit Rating: 5 out of 5 stars5/5Budgeting: How to Make a Budget and Manage Your Money and Personal Finances Like a Pro Rating: 0 out of 5 stars0 ratingsFraud Casebook: Lessons from the Bad Side of Business Rating: 0 out of 5 stars0 ratingsCorporate Fraud: The Danger Within Rating: 4 out of 5 stars4/5Executive's Guide to COSO Internal Controls: Understanding and Implementing the New Framework Rating: 0 out of 5 stars0 ratingsDetecting Accounting Fraud Before It's Too Late Rating: 0 out of 5 stars0 ratingsBudgeting - The Right Way Rating: 0 out of 5 stars0 ratingsInternal Audit Quality: Developing a Quality Assurance and Improvement Program Rating: 0 out of 5 stars0 ratingsBreaking Into Risk Management In Banks Rating: 4 out of 5 stars4/5
Reviews for The Data-Confident Internal Auditor
0 ratings0 reviews
Book preview
The Data-Confident Internal Auditor - Yusuf Moolla
Introduction
As an internal auditor, you know that data can help you to deliver better audit work.
Data is growing in volume and scope. Emerging approaches are making certain analyses possible. Technology is maturing—better hardware, more stable software. These combine to create opportunities for you and your team.
The value internal audit teams can achieve is obvious. What’s less obvious is why audit teams are shying away from using data.
Some say the complexity and jargon surrounding data are too overwhelming. Team leaders don’t know how to distinguish between hype and practical application. Team members are hungry to learn how to use data but aren’t sure where to start. Everyone is paralyzed, with no clear path forward.
Does this describe how you are feeling?
You’re not alone. Many audit professionals feel this way.
Since you’re reading this, even though we haven’t met you, we can make an educated guess that you’re curious, motivated and determined. Above all else, you know that you need to act to remain relevant.
Importantly, you’ve taken the first step. You picked up this book.
It is not difficult to use data, especially with the right teacher. Of course, it won’t be a walk in the park, and you will feel uncomfortable at some point. Embrace that discomfort. It’s proof that you are growing and learning: progress.
You’re in safe hands.
We’ve worked with dozens of audit teams on hundreds of audits.
Allow us to introduce ourselves.
Yusuf: I have worked with Deloitte and KPMG in several countries. I started my career performing data-focused roles, then moved into audit. It took a little while to work out that they were not distinct fields. In 2006, an opportunity to use data on an audit presented itself. It was an exciting initiative, so I jumped at it. I worked hard, enjoyed the challenge and delivered real value—the work was tremendously satisfying.
Conor: My career has focused on the public sector. I have worked for several statutory bodies and with KPMG, reviewing governance structures and delivering performance audits. About ten years ago, I realized that data, used properly, can help you deliver better audits. I’ve been using data ever since, uncovering new opportunities and enhancing audit quality.
We’ve thought long and hard about how to use data for audits. This book brings much of that thinking into one place. It is designed to help you shortcut the process that we went through. If you apply the guidance, it will save you years of effort.
We have repeatedly applied all the approaches, concepts and practices in this book to our own work.
We’ve structured this book to be consumed in small sections to manage any fear or confusion you may have.
There is also a companion website, www.data-confident.com, which is referenced throughout the book. Here you will find supplementary resources like templates and cheat sheets. There are also interactive versions of the Chapter 7 visualizations, sample data sets and example KNIME¹ workflows.
By working through the principles, approaches and simple sequence of steps in this book, you will gain the confidence to use data directly in all your audits.
1 KNIME is an open-source analytics platform. There is more info on this in Chapter 4.
1
Benefits and
Misconceptions
There are many misconceptions about data, especially about using it for audits.
Because many internal audit teams are unfamiliar with data, they make general assumptions about its value and application. Before we can explain how to use data, we must first dispel these myths.
Myth 1: Using data only increases
the value of a handful of audits.
A surprisingly common misconception is that data has limited applicability to audits.
It’s something you have heard—perhaps from colleagues, managers, or maybe even just the voice in your head. You already know that this is false, or you wouldn’t be reading this book! But how do you convince others?
Here are the top three benefits that we’ll discuss:
1. Data helps identify opportunities that management cannot see.
As auditors, we have a unique perspective, because we look across functions and domains. Most of our first- and second-line colleagues focus on their direct areas. But we are not limited by process, function, service or product. Our domain is the whole organization. Using data can help us find opportunities that go across several functions.
The classic example of this is procurement and payroll. Procurement teams focus on procurement activity. They generally don’t focus on payroll or employee-related matters. The same holds for payroll and HR functions. They rarely concern themselves with procurement-related matters, except when they are engaging service providers to help them with systems, or for contractors and the like. If we are conducting a payroll audit, we can use data from both payroll and procurement.
Why?
If there are employees (in the payroll system) who are also being paid as service providers (in the procurement system), there is a potential conflict of interest. We know that unmanaged conflicts of interest can create all sorts of risks. As internal auditors, we should be concerned about this. If we know that management is not looking at this risk, it is our duty to consider it as part of our payroll audit.
2. Data makes it easier to read our audit output(s).
Audit reports can be lengthy. They can also be text heavy, and are often laden with information only relevant to a small number of people, sometimes only one person. Thankfully report writing, like many aspects of our audits, is getting better as we look for ways to make it easier to understand our reports. We work hard at it, removing jargon, writing in plainer language and using diagrams and infographics.
Many audit leaders have been working with their teams to incorporate auditviz (audit data visualization) into their reporting. This is where we use graphs and charts in our reports. With visualized data, the reader doesn’t have to waste time trying to imagine the context of each finding or decipher complex descriptions of the results. With auditviz, findings and results are intuitive.
Here is a good example from a public sector efficiency (value-for-money) audit:²
This auditviz represents relative efficiency scores for services provided by 46 similar entities (the colored dots).
The auditviz is compelling and easy to understand for a few reasons:
•The three service models are clearly labeled and displayed (use of color).
•The efficiency score uses a simple, intuitive scale (less efficient
and most efficient
).
•The performance of each entity is clear (adequate spacing of results).
Here the individual council model (orange) is often less efficient than others.
(More of these councils are grouped towards the less efficient end of the scale).
Auditviz like these convey messages and outcomes quickly to help the audience see the results. Of course, text can help support or further explain what’s in the charts or graphs. But graphs help bring any text explanation to life, making for a faster, easier read. Sometimes, we may not even need to explain each of the data points. In fact, as we produce more reports with these visual elements, the graph becomes the primary component. The words then support the graph, help focus attention or help remove ambiguity.
Auditviz makes the reader’s consumption of the report more efficient. A simple and focused auditviz means the reader can skim the detailed supporting text. This saves time, which the reader can use to focus on dealing with the issues and acting on the opportunities.
In some cases, even writing the report becomes more efficient. By including auditviz, we can start with the picture and explain what we are focusing on, to guide the reader’s attention. This is more difficult to do if we don’t have a graph in front of us.
Yes, it takes time to do. Time to check accuracy. Time to format the visuals to suit the audience. Time to remove anything that isn’t necessary (clutter). But as with any work that we do, it gets easier, and we get faster with experience. And review time improves. Audit reports generally go through various layers of review. If we make the review process easier with accessible information organized in an intuitive way, the effort will decrease. Your reviewers will thank you for the time you save them.
3. Data makes it easier to manage the exceptions.
Traditional audits include a multitude of broad, sweeping statements about control failures or process gaps. The reports rarely contain the specific details needed to take action. Instead, the auditees may be instructed to follow up with more information on how to fix the identified issues. It’s a time-consuming process that rarely helps anyone. Often, the solutions are so vague, the problems get lost or deprioritized.
But if we use data, we can often identify the root causes of issues. This makes it much easier for management to take meaningful action. We can surface real gaps, going beyond the traditional controls testing approach that may only identify theoretical gaps.
Of course, it’s still important to test controls. It’s still important to go beyond the initial remedial action.³ But where we are also using data, we can identify the specific issue: where the control failure has created a real loss or potential loss. This is probably what needs to be fixed first.
For a $30 million revenue audit, we spotted a gap in discount authorization controls. We could have said that the control was not working, with potential for loss.
Instead, we analyzed the relevant data to find out what the control weakness meant. How much were we losing? $26K, which was less than 0.1