Over the last month, I’ve been looking at the results of surveys conducted by the Big Four accounting firms regarding internal audit. The messages are pretty consistent—audit departments need to pick up their game. They need to provide more proactive advice to stakeholders. The move from policeman to trusted advisor is requiring broader operational skills within the audit department.
But most importantly, auditors need to leverage technology more effectively. As I discussed in the first blog of this series, mobile-enabled audit management products provide an important opportunity to make the process of managing an audit more efficient. The choice of underlying database is important, because the ability to search both structured and unstructured data adds an important historical search capability.
Auditors should take advantage of advances in data analytics
A third area where technology can be leveraged is data analytics. A recent survey by KPMGⁱ showed that while most internal auditors recognized the value of data analytics, few audit shops were satisfied with their current level of maturity and recognized they had to do more. While a number of tools are already available, factors such as integration with ERP systems and programming complexity can make implementation challenging.
And there’s another twist to this. For decades, auditors have relied on sampling as a basis to predict the behavior of the populations that they represent. But can we still justify this approach? Technology advances and the increasing ability to provide sophisticated search capabilities allow initial processing to contain far more detailed testing parameters than have previously been possible. This allows automated identification of potential issues using a series of pre-defined conditions.
For example, in the case of an insurance company, it’s now possible to optimize the auditing strategy by identifying the claims more likely to contain fraud. Using a combination of rules and predictive methods, users can establish alerts that will enable them to systematically detect all instances of suspected fraud and prevent claims fraud by detecting suspects sooner, even before claims are paid. This in turn will lower the number of subsequent investigations.
And the auditors’ role?
So what’s the role of the auditor in all of this? Here’s the key. The auditor has a rich history of previous claims issues. In short, we know the dirty laundry. The opportunity here is for the auditor to advise the business on the creation of these rules. Technology advances mean that this is no longer the realm of ivory tower programmers, but that the rules can be developed by the business, for the business.
So in this example, auditors have set the groundwork for effective predictive data analysis, to prevent payment errors before they occur. Because 100% coverage of the population can be achieved using this approach, this is of greater value than any traditional sampling approach, and potentially of greater value to the enterprise than closing investigations on cases where overpayments have been made. This is a great example of the trusted advice our stakeholders are looking for.
So what level of maturity has your organization reached regarding data analytics? What advances can you make using current technology?
These are great questions to ponder as we move along the continuum from policeman to trusted advisor.
ⁱ KPMG Advisory Services: Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance 2013