Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Audit Webinar How to get the right data for your audit in 3 easy steps

728 views

Published on

As the volume of information companies collect from internal and external sources continues to grow, auditors have to embrace analytics to help them keep pace. Incorporating data analytics into audits, however, can be more challenging than it sounds. Even departments that have established audit objectives and are ready to go with their data analytics tool can have problems getting the right data to so they can start.

In this presentation, Scott Jones, CIA, CRMA discusses the challenges and solutions around identifying, obtaining and verifying the right data to help you achieve your audit objectives.

SLIDESHARE: www.slideshare.net/CaseWare_Analytics
WEBSITE: www.casewareanalytics.com
BLOG: www.casewareanalytics.com/blog
TWITTER: www.twitter.com/CW_Analytic

Published in: Data & Analytics
  • Be the first to comment

Audit Webinar How to get the right data for your audit in 3 easy steps

  1. 1. HOW TO GET THE RIGHT DATA FOR YOUR AUDIT IN 3 EASY STEPS WEBINAR
  2. 2. PRESENTER Scott Jones, PE, CIA, CRMA President and CEO Key Performance Initiatives Inc.
  3. 3. AGENDA 1. Data Challenges 2. Objective 3. 3-Step Process • IDENTIFY the data • LOCATE the data • VERIFY the data 4. Benefits and Take-Aways
  4. 4. DATA CHALLENGES Cohn, Michael. Auditors see increased demand for data analytics. Accounting Today, April 5, 2017 https://www.accountingtoday.com/news/auditors-see-increased-demand-for-data-analytics
  5. 5. DATA CHALLENGES Difficulty obtaining, accessing, and/or compiling the data* * Stippich & Preber. Data Analytics. The Institute of Internal Auditors Research Foundation, 2016
  6. 6. A CAUTIONARY TALE “Send me all your data”
  7. 7. OBJECTIVE: 3-STEP PROCESS • Define a 3 Step Process for obtaining the right data: • Identify • Locate • Verify “But clearly within the audit space, the use of data analytics is considered the best practice of today and the future….” Brian Christensen, Executive VP of Global Internal Audit and Financial Advisory, Protiviti
  8. 8. THE FUNDAMENTAL ASSUMPTION • Effective IT Internal Control Framework • IT General Controls • IT Application Controls • (for the source of the data) • Without IT controls, the auditor cannot rely on the data • Testing of IT Controls is beyond the scope of this webinar
  9. 9. 3-STEP PROCESS: FIND RIGHT DATA
  10. 10. STEP 1: IDENTIFY THE DATA • Audit Objectives • Audit Scope • Data Analytics Objectives • Audit Procedures
  11. 11. STEP 1: AUDIT OBJECTIVES • Define specifically the intended outcomes of the audit • IIA Standard 2210 • Objectives must be established for each engagement • Derived from a risk assessment • Consider: errors, fraud, noncompliance & other exposures • Adequate criteria • Examples • Determine the operating effectiveness of internal controls for the cash disbursement process. • Assess compliance with the AP transaction approval policy
  12. 12. • Boundaries of the audit • Process • Location • Time frame • IIA Standard 2220 • The established scope must be sufficient to accomplish the objectives of the engagement • Consider relevant systems, records, personnel & physical properties • Example • Accounts Payable Process • San Diego Region • 2016 STEP 1: AUDIT SCOPE
  13. 13. STEP 1: DATA ANALYTICS OBJECTIVES • Derived from Audit Objectives • Scope should match audit scope • Clearly defined purpose • Examples • To test the population of 2016 AP transactions of the San Diego Region for indicators of fraud • To test the population of 2016 AP transactions of the San Diego Region for compliance with transaction approval thresholds • To test the population of 2016 AP transactions of the San Diego region to assure that purchases are from authorized vendors
  14. 14. STEP 1: DATA ANALYTICS PROCEDURES • To achieve Data Analytic Objectives • Examples • Duplicates Test – invoice payments • Join – vendor master file to AP data • Summarization – identify high risk vendors • Benford’s Law Analysis – anomalous frequency at approval thresholds
  15. 15. CAVEAT RE: IPPF STANDARD 2310 • Internal Auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives • Sufficient – factual, adequate, convincing • Reliable – best attainable information, using appropriate techniques • Relevant – supports observations & conclusion, consistent with objectives • Useful – helps the organization meet its goals
  16. 16. STEP 2: LOCATE THE DATA • Sources of Data • Establish Relationships • Data Request • Types of Data
  17. 17. STEP 2: SOURCES OF DATA • Self-service access • Standard reports and queries • IT or other third parties • Audited entity – NOT a reliable source
  18. 18. STEP 2: ESTABLISH RELATIONSHIPS • Who knows where the data are stored? • Audited function • IT • Don’t rely on email • Talk face to face • Not just during the audit • Seek to understand • Availability • Locations of databases • Means of access • Required authorizations • Required security – PII, HIPAA, ITAR
  19. 19. STEP 2: DATA REQUEST • Consider the Computer System • Consider means of transfer • Describe report • Objective and scope • Define fields • Type of data • Length • Format • Precision
  20. 20. STEP 2: TYPES OF DATA • Character (text) • Date • Numeric • Variable • Continuous (Interval, Ratio) • Discrete (integers, counts) • Attribute • Ordinal (ranked) • Nominal (arbitrary classifications)
  21. 21. STEP 2: CHARACTER OR TEXT DATA • Key consideration: Length • Numbers imported as text may not be useful for calculations • Check & Invoice Numbers – Numbers or Text?
  22. 22. STEP 2: DATE & TIME • Key Consideration: Format • Determine what the source reports • Know what your software can import • Format determines length • Date only? or Date and Time?
  23. 23. STEP 2: NUMERIC • Key consideration: Precision • Source Precision • Useful Precision • Type of Data
  24. 24. STEP 2: TYPES OF DATA • Variable • Also referred to as Quantitative • Types include Interval, Ratio • Numbered • Attribute • Also referred to as Qualitative • Types Nominal, Ordinal • Good/Bad, Red/Yellow/Green • Sometimes represented by numbers
  25. 25. STEP 2: HIERARCHY OF NUMERIC DATA • Variables • Real Numbers • Continuous: All calculations are valid • Discrete: Most calculations are valid • Data may be treated as ordinal or nominal • Ordinal • Values represent ranked order of the data • Calculations based on ordering are valid • Data may be treated as nominal but not variable • Nominal • Values are arbitrary numbers that represent categories • Only frequency calculations are valid • Data may not be treated as ordinal or variable
  26. 26. STEP 2: LOCATE THE DATA
  27. 27. STEP 2: EXAMPLE DATA REQUEST Report Report Name Report Description Expected Completion Date AP Report – San Diego Oracle report of account payable transactions for KPI San Diego from payment dates 1/1/2016 through 12/31/2016 5/31/2017
  28. 28. STEP 2: EXAMPLE DATA REQUEST Fields
  29. 29. STEP 3: VERIFY DATA INTEGRITY • Transfer the Data • Completeness • Reliability
  30. 30. STEP 3: TRANSFER THE DATA • Minimize intermediary handling • Options • ODBC • FTP • Shared Drive • SharePoint • Print report or PDF • Email • Portable Media • Consider security requirements • Access management • Encryption
  31. 31. STEP 3: COMPLETENESS OF DATA • Compare record counts to source • Reliability • Compare control totals for numeric fields to source • For all important numeric fields • Watch for blanks reported as “Errors” • Run Summarizations and evaluate reasonableness • Check first and last dates • Check key sequences for gaps and duplicates • Example: Concur can report multiple records for one expense report • Compare to print reports
  32. 32. STEP 3: VERIFY DATA INTEGRITY
  33. 33. BENEFITS & TAKE-AWAYS • IDENTIFY • Data relevant to audit objectives • LOCATE • Independent sources • Communicate face-to-face • Specific requests • VERIFY • Data integrity • Minimize transfer handling • Completeness • Reliability
  34. 34. Learn more about CaseWare IDEA Data Analysis Contact us at salesidea@caseware.com to schedule a demonstration
  35. 35. HOW TO GET THE RIGHT DATA FOR YOUR AUDIT IN 3 EASY STEPS WEBINAR Visit casewareanalytics.com Email salesidea@caseware.com

×