Auditing and Data Analytics

Isn’t AI Just Data Analytics? At a professionals networking meeting a while ago I overheard someone boasting that they were a world leader with AI in Internal Audit because “AI is just data analytics and I have been doing data analytics for decades”. The keen listener agreed with the keener boaster and they then changed their conversation as to how they would improve the US political environment!! The self assured gentleman’s vision of AI set a spark in me – not a good one rather an out of control wildfire type one which come to think of it may be a good one! – to refute his worldview if only for my education. So over the last couple of weeks I have been jotting down randomly my retort in the way of newly conceived LLM prompts that Internal Audit could use that would take us past the world of data analytics (which I don’t dispute by the way is necessary but go and chat with Excel for that!) into a whole new paradigm of insight. ~ AUDIT PLANNING & RISK FORESIGHT ~ 1 - Analyse our last 5 years of audit reports and recommend high-risk areas we’ve under-covered. 2 - Predict risk escalation trends based on our past incidents and audit findings. 3 - Cross-reference our audit plan against Fortune 500 class actions in the last 3 years. Where do we under-invest? 4 - Build a dynamic audit plan that shifts weekly based on real-time internal data and industry disruption velocity. 5 - Cross-check executive incentive plans with risk culture metrics - where are we rewarding latent risk-taking? 6 - Correlate risk incidents with leadership turnover, culture surveys, and reorg activity - map the leadership fragility zone. ~ SCOPING & PROGRAM DESIGN ~ 7 - Simulate a walkthrough of the X process and flag likely control gaps. 8 - Build a zero-trust audit scope - assume every control is flawed. 9 - Reverse engineer our last 10 audit reports - what are we not saying that we should be? ~ FIELDWORK, TESTING & OBSERVATION ~ 10 - Compare this interview transcript with the control design - are there discrepancies? 11 - Test for AI-generated documents disguised as genuine - what authentication failures are we blind to? 12 - Design a continuous assurance program where AI performs micro-audits every hour across core processes. ~ INSIGHT SYNTHESIS & REPORTING ~ 13 - Summarise root causes from last 5 years of audit reports - cluster by theme. 14 - Model the likely risk trajectory if management does not implement recommendations. ~ STRATEGIC ADVISORY ~ 15 - Act as a digital twin of the Chief Audit Executive - critique our current audit strategy. 16 - Simulate the unintended consequences if our top 5 audit recommendations are fully implemented. 17 - Build a dashboard that shows how fast assurance turns into action—what is our audit conversion rate? 18 - Develop a ‘resistance map’—which teams are most likely to game, delay, or impede audit findings?

Why Does Internal Audit Struggle to use Data Analytics? If I had a dollar for every Internal Audit department paying for three or more unused analytics licenses... Data analytics has been a part of Internal Audit for over 25 years, yet many teams still struggle to integrate it effectively into their processes. Too often, when Audit leaders invest in analytics technology, they believe that simply purchasing the tool is the solution. However, the reality is that so much more can go wrong. Success in analytics requires more than just the right application—it demands strategic planning, alignment with business needs, and a shift in capabilities across your team. If you're an Internal Audit leader looking to build a sustainable data analytics capability, be aware that many challenges can arise after the initial rollout. Keeping momentum beyond the initial use cases can be difficult. Here are some common reasons why data analytics efforts struggle to take hold: 1. Technology Misalignment: The analytics tools used by Internal Audit are not aligned with what the business is using, leading to compatibility issues and a lack of support by the business. 2. Access Barriers: Politics and bureaucracy make it difficult for Internal Audit to gain access to enterprise data. 3. Data Validation Issues: Ensuring the accuracy, completeness, and reliability of data can be a significant challenge. 4. Data Literacy Gaps: Audit teams struggle to interpret and analyze data effectively, limiting the impact of analytics. 5. Process Integration: Internal Audit methodologies and processes have not been updated to incorporate more time or steps needed. 6. Business Readiness: Business partners may not be prepared to consume and act on analytics-driven insights, limiting adoption. 7. Lack of Organizational Mandate: The use of analytics is not embedded in Internal Audit’s charter, mandate, or strategic objectives. 8. No Performance Metrics: There are no clear KPIs to measure the success or impact of data analytics in Internal Audit. 9. Blended Skill Sets: Data analytics is often lumped together with IT Audit or other specialties rather than treated as a distinct and necessary competency for all auditors. 10. Key Talent Risk: The one team member highly skilled in data analytics leaves for a role in the business, leaving Audit without the necessary expertise. 11. Hiring Practices: Internal Audit leaders do not specifically recruit for data analytics competencies, limiting the team's ability to scale analytics efforts. 12. Dependency on External Resources: When data analytics is co-sourced or outsourced, capabilities disappear when budgets are cut, leading to a loss of momentum. These are some of the key obstacles Internal Audit leaders must address to create a sustainable, impactful data analytics program—one that doesn’t fizzle out like so many others have. What other pain points have you encountered when trying to embed data analytics into #InternalAudit?

Do you know the key ingredient for Data-Driven audits?   It shouldn’t be a surprise…   It’s data.   But what kind of data? Two types:   1)     Trial Balance data 2)     General Ledger Transactional data   Trial Balance data is the easier one. Yes – I know almost 100% of today’s auditors have a Trial Balance at their disposal. So what’s new??   Are you currently using Trial Balance data to automatically: 1)     Create all lead schedules 2)     Prepare financial analysis 3)     Prepare ratio analysis 4)     Recommend audit risks in your risk assessment work 5)     Prepare management letters   If not, you’re doing the above manually and you can save HUGE amounts of time moving to a Data-Driven audit approach.   Then comes General Ledger Transactional data.   The first hurdle here is extracting this data from your client’s accounting system. For some systems, extraction is easy. For others, your client will struggle and you’re going to get a hot pile of mess exported.   Not good. And that causes you a whole world of pain trying to transform that messy raw data into something useful.   Extracting, Transforming, and Loading (ETL) data into Audit Data Analytics tools is probably the HARDEST part of implementing a Data-Driven audit on all your clients.   Yet only one audit platform provider has built a solution to solve this problem.   When you have solved this, with General Ledger Transactional data you can start by performing advanced risk assessment reviews – visualizing every transaction made to every account to target your focus.   But to get real bang for your buck, you need your audit methodology to embrace Substantive Audit Data Analytics such as: 1)     Testing journal entries 2)     Testing revenue transactions 3)     Testing notable transactions in any account 4)     Creating client value-add reporting   But, focusing on Audit Data Analytics when you don’t have reliable data is a bit like shining a car that has no wheels.   Looks good. Might sound good. But it’s going nowhere…   So, to unlock the power of a Data-Driven audit…   Focus on the data!

How can audit teams leverage analytics to drive efficiency and automation? This week on The Audit Podcast, we’re joined by Ishan Kunkur, Digital Analytics Program Manager at Delta Air Lines, to talk about exactly that. We also discuss the evolution of audit analytics, from upskilling auditors in Power Query and Power BI to automating SOX control testing—saving 360 hours annually. Ishan explains how his team transitioned from performing analytics for audits to enabling auditors with data-driven tools, ultimately expanding into SOX automation and GRC dashboarding.