Data analytics - Transforming your Internal Audit function

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

Moving beyond the role of traditional assurance provider

Digital disruption and transformation are contributing to increased expectations of Internal Audit. Boards, Executives, and Audit Committees are looking for their Internal Audit function to step up by moving beyond its role of a traditional assurance provider, and taking on a more proactive business-enabling role, positioning itself as a trusted adviser to stakeholders.

In response, leading Internal Audit functions are innovating their processes - investing in data analytics, technology and tools. Their objective is not simply to automate isolated audit procedures but, to transform their function in order to unlock real value across the entire Internal Audit lifecycle.

Data analytics in Internal Audit – when it makes sense

While data analytics has typically been used for data acquisition and fieldwork, we firmly believe that it can, and should, be harnessed across the entire Internal Audit lifecycle.

From our research and interactions with Heads of Internal Audit (HIAs) and Internal Audit (IA) stakeholders, we have found that leading functions have moved beyond computer assisted audit techniques (CAATS) and are designing and deploying data analytics across their entire audit life cycle, leveraging the latest generation of data analysis and reporting tools. This is enabling a sharper focus on risk areas and business issues, as well as generating efficiencies throughout the audit process.  

The path to effectively harnessing data analytics is not easy, and even leading functions can experience resistance along the way. Challenges around data acquisition, identifying the right internal and external resources to support, and agreeing which technology is fit for purpose are commonplace.  It might not also be feasible to deploy across the entire lifecycle at first but it should be the end goal.

Unlocking value - building a data enabled function

So, how do you build a data enabled Internal Audit function, one that is aligned to your organisation's strategic objectives and works to unlock the value being sought by your stakeholders?

To get to where you want to (and can) go, you first need to understand where you are – looking at your current capabilities and clearly articulating your aspirations for the future. You might consider:

  • Your current data maturity
  • How your Internal Audit function compares to other similar organisations
  • What the potential data journey for your function looks like
  • The level of investment required to achieve the ‘data maturity’ you aspire to

Data maturity curve

Through our work with many Internal Audit teams, we have established that an Internal Audit function typically moves through six phases of maturity - where do you think your functions operates? Click on the buttons to the left of the graph.

For a more in depth analysis of where your Internal Audit function sits on the data maturity curve, you can access and complete our 'data maturity assessment tool'. Click here to request access to the assessment and one of our team of experts will contact you directly.

Manual IA function

Manual IA function
  • Auditing is performed using observation, walk through or hard copy documents.
  • Audit sampling is statistical and/or judgemental.
See more...

Piloting and ad-hoc

Sustainable and periodic analytics
  • IA function owns analytical tools such as IDEA and ACL available.
  • Bespoke analytics are run on a one off basis to address specific audit requirements.
See more...

Sustainable and periodic analytics

Sustainable and periodic analytics
  • Analytical scripts are automated and standardised for specific reviews.
  • Opportunity to utilise analytics is considered as part of scoping for every IA review.
  • Specialist staff support the extraction and analysis of data.
See more...

Continuous auditing

Continuous auditing
  • A physical and logical data repository (internally or externally developed/procured) is linked to key systems residing onsite and accessible by IA.
  • Overlay with dashboards and alerts to enable IA to monitor exceptions and hot spot areas on a continuous basis.
  • Key input in defining and updating the IA plan.
See more...

Continuous transactional monitoring

Continuous transactional monitoring
  • Automated controls are monitored on a ‘real time’ basis and potential exceptions are flagged to risk and/or controls owners.
  • Responsibility to operate the programme rests with the business. IA are a user and potentially, a custodian of the programme.
  • Control weaknesses are identified and remediated in a `real-time' manner prior to the risk materialising.
See more...

Predictive analytics

Predictive analytics
  • The extensive data structures are used to facilitate an understanding of activities (Pattern Matching).
  • What is “business as usual” is learned, either by user defined rules or through AI, and potential exceptions flagged based on their risk characteristics.
  • Allows proactive actions taken to address risk.
See more...
Follow us