Sampling has existed as a standard for controls testing since controls testing began. We’ve developed algorithms to tell us how many samples we should pull and how many errors we can have and still pass the control. We’ve even developed algorithms to tell us how many more samples we can test if the control didn’t pass the first time. If your goal is simply to do the minimum to pass a SOX audit, then these behaviors should probably continue. If your goals also include really improving the operations of the organization to make it stronger then a more holistic approach is needed, such as analysis on 100% of the population, rather than a small sample. Most controls analytics do not require a degree in data science, but they do require the controls team begin changing its behaviors. Join us to understand what it takes to begin this change, it’s not as challenging as you might think. Learning Objectives Understanding the advantages of analytics vs sampling How to Identify controls where analytics can be applied Real life examples of controls and their associated analytics How to effect a change

1. 20-4-2020
1
How analytics should be used
in controls testing instead of
sampling
Ken Petersen
April 2020
RSA Archer
About Jim Kaplan, CIA, CFE
 President and Founder of AuditNet®,
the global resource for auditors
(available on iOS, Android and
Windows devices)
 Auditor, Web Site Guru,
 Internet for Auditors Pioneer
 IIA Bradford Cadmus Memorial
Award Recipient
 Local Government Auditor’s Lifetime
Award
 Author of “The Auditor’s Guide to
Internet Resources” 2nd Edition
1
2

2. 20-4-2020
2
About AuditNet® LLC
• AuditNet®, the global resource for auditors, serves the global audit
community as the primary resource for Web-based auditing content. As the first online
audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the
use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and
features:
• Over 3,000 Reusable Templates, Audit Programs, Questionnaires, and
Control Matrices
• Webinars focusing on fraud, data analytics, IT audit, and internal audit
with free CPE for subscribers and site license users.
• Audit guides, manuals, and books on audit basics and using audit
technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Surveys on timely topics for internal auditors
Introductions
HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized
usage or recording of this webinar or any of its material is strictly forbidden.
 If you logged in with another individual’s confirmation email you will not receive CPE as the
confirmation login is linked to a specific individual
 This Webinar is not eligible for viewing in a group setting. You must be logged in with your
unique join link.
 We are recording the webinar and you will be provided access to that recording after the
webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
 If you meet the criteria for earning CPE you will receive a link via email to download your
certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to
white list this address. It is from this email that your CPE credit will be sent. There may be a
processing fee to have your CPE credit regenerated if you did not receive the first mailing.
 Submit questions via the chat box on your screen and we will answer them either during or at
the conclusion.
 You must answer the survey questions after the Webinar or before downloading your certificate.
3
4

3. 20-4-2020
3
IMPORTANT INFORMATION
REGARDING CPE!
 ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an
email with the link to download your CPE certificate. The official email for CPE will be issued via
NoReply@gensend.io and it is important to white list this address. It is from this email that your
CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the
initial distribution.
 We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We
highly recommend that you work with your IT department to identify and correct any email delivery
issues prior to attending the Webinar. Issues would include blocks or spam filters in your email
system or a firewall that will redirect or not allow delivery of this email from Gensend.io
 You must opt in for our mailing list. If you indicate you do not want to receive our emails your
registration will be cancelled and you will not be able to attend the Webinar.
 We are not responsible for any connection, audio or other computer related issues. You must have
pop-ups enabled on you computer otherwise you will not be able to answer the polling questions
which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see
to that you do so immediately after a polling question.
The views expressed by the presenters do not necessarily represent the views, positions, or
opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them,
are for educational purposes only and do not constitute accounting or legal advice or create an
accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete,
AuditNet® makes no representations, guarantees, or warranties as to the accuracy or
completeness of the information provided via this presentation. AuditNet® specifically
disclaims all liability for any claims or damages that may result from the information contained
in this presentation, including any websites maintained by third parties and linked to the
AuditNet® website.
Any mention of commercial products is for information only; it does not imply
recommendation or endorsement by AuditNet® LLC
5
6

4. 20-4-2020
4
Ken Petersen
• Currently Product Manager of TeamMate
Analytics
• 25+ years developing and implementing
systems
• In the Governance, Risk & Compliance
space since 2002
• BSBA from Ohio State, MBA from University
of Dayton, PMP certified
• ken.petersen@wolterskluwer.com
How analytics should be used in controls testing instead of sampling 7
Learning Objectives
In this Webinar, attendees will:
 Understand the advantages of analytics vs sampling
 Learn how to identify controls where analytics can be applied
 See real life examples of controls and their associated analytics
 Learn how to effect a change
8How analytics should be used in controls testing instead of sampling
7
8

5. 20-4-2020
5
POLLING QUESTION 1
Why Perform Analytics?
1) The Standards say so
2) COVID-19 - You do not have to be on site, in person, to do analytics
On a Gartner Internal Audit webinar in March 2020 with over 1000
CAE’s, the topic was remote work as an internal auditor – what’s
working and what’s not working.
A huge percentage of attendees (58%) stated that a lack of a data
analytics program means they cannot work right now – they are too
dependent on being present in the office.
3) Finding money
4) Increased assurance and reduced risk
10How analytics should be used in controls testing instead of sampling
9
10

6. 20-4-2020
6
Analytics Advantages
 Sampling contains risks
 Sample is not representative of the population as a whole
 Efficiency
 The risk of incorrect acceptance is the risk that the sample supports the conclusion that the
recorded account balance is not materially misstated when it is materially misstated.
 The risk of incorrect rejection is the risk that the sample supports the conclusion that the recorded
account balance is materially misstated when it is not materially misstated.
 Effectiveness
 The risk of assessing control risk too low is the risk that the assessed level of control risk based on
the sample is less than the true operating effectiveness of the control.
 The risk of assessing control risk too high is the risk that the assessed level of control risk based on
the sample is greater than the true operating effectiveness of the control.
 Most fraud cannot be identified with sampling, many controls are intended to,
among other things, prevent fraud
 Provides deeper insight into the operations of the organization
11How analytics should be used in controls testing instead of sampling
Demonstration
12How analytics should be used in controls testing instead of sampling
11
12

7. 20-4-2020
7
Controls conducive to analytics
 Look for the word “Sample” in the testing procedure
 Your organization may use other key words, “Data”, “Transactions”
 Won’t apply to data that is not electronic
 May not be appropriate for reviewing documentation
 May not be appropriate for data that are not transactions, e.g. monthly
balance sheets
 May not apply for the entire scope of the control
 Level 2
 Can document review be converted to data analysis?
13How analytics should be used in controls testing instead of sampling
POLLING QUESTION 2
13
14

8. 20-4-2020
8
Demonstration
15How analytics should be used in controls testing instead of sampling
How do we change
 The individual must recognize a need for a change
 The desire to change needs to be stronger than the perceived and real
difficulty of changing
16How analytics should be used in controls testing instead of sampling
15
16

9. 20-4-2020
9
Our auditors can’t do analytics
17
 Requires database skills
 Requires programming skills
How analytics should be used in controls testing instead of sampling
0
1
2
3
4
5
6
7
8
9
10
0 1 2 3 4 5 6 7 8 9 10
Desiretochange
Difficulty of changing (perceived /real)
When change occurs
How do we change
18
Change
No Change
How analytics should be used in controls testing instead of sampling
17
18

10. 20-4-2020
10
How do we change
 Change can have a chain reaction
 Change can be temporary or lasting
 Other factors and people can influence our desire to change and difficulty
of change
 The desire to change and the difficulty of change can change over time
 Change can have side effects, good and bad
 Our documentation improved because of analytics
 Employee satisfaction increased when they started doing analytics
19How analytics should be used in controls testing instead of sampling
POLLING QUESTION 3
19
20

11. 20-4-2020
11
www.TeamMateSolutions.com
ken.petersen@wolterskluwer.com
Ken Petersen
April 2020
21