Downloaded 177 times
Uploaded byCaseWare IDEA
Integrating Data Analytics into a Risk-Based Audit Plan
The document discusses the integration of data analytics into risk-based audit plans, emphasizing the need for a visionary approach in risk management that transcends technology and includes cultural and philosophical shifts. It highlights the importance of broadening the internal audit's focus towards business strategy and stakeholder satisfaction, while also developing skilled teams and utilizing data analytics to drive insights and efficiencies. The future of auditing is portrayed as increasingly reliant on visual data discoveries and effective communication of audit findings to stakeholders.
In this document
Powered by AI
Introduction to integrating data analytics in a risk-based audit plan.
Factors influencing risk management include cost reduction, value addition, regulatory changes, and technology.
Executives from PwC studies emphasize the need for internal audit to contribute meaningfully.
A successful risk management strategy encompasses culture, philosophy, and technology integration.
Key components for effective audits: visionary leadership, stakeholder satisfaction, best practices, and efficiency.
Rapid changes in audit plan compositions show increased focus on strategy, risk management, and governance.
Importance of investing in skilled people and technology for effective data analysis in audits.
Discussion on assessing risks effectively within the audit universe for better outcomes.
Using insights effectively in risk-based audits by incorporating data analytics in planning and execution.
Analyzing comprehensive data to eliminate risk in controls assessments and enhance audits.
The ongoing need for analytics in audit reporting to highlight deficiencies and provide clear recommendations. Visual data tools can enhance audit practices and decision-making through insightful data analysis.
More Related Content
Similar to Integrating Data Analytics into a Risk-Based Audit Plan
![[DSC Europe 25] Natasha Savic - Agentic AI in Production: Lessons from Real-W...](https://cdn.slidesharecdn.com/ss_thumbnails/91fscf7rraabydlmw6xj-natasha-savic-251127093914-7098d487-thumbnail.jpg?width=640&height=640&fit=bounds)
Integrating Data Analytics into a Risk-Based Audit Plan
- 1. INTEGRATING DATA ANALYTICSINTO A RISK-BASED AUDIT PLAN
- 2. DRIVERS OF RISKMANAGEMENT Risk is high on the agenda for boards today due to: • A focus on cost reduction • A desire for added value • An evolving regulatory environment • Technological changes and availability of data
- 3. STAKEHOLDER PERCEPTIONS The overwhelmingopinion of 1,700 executives participating in both the 9th and 10th annual PwC State of the Internal Audit Profession Study is that IA needs to reach for new heights and contribute to the organization in a more meaningful way. Source: PwC 2014 State of the Internal Audit Profession Study
- 4. VISIONARY APPROACH TORISK The building blocks to successful risk management
- 5. WHERE DO YOUWANT TO BE? Source: IIA, Pulse of the Profession, Defining Our Role in a Changing Landscape Report
- 6. A VISIONARY APPROACH Creatinga visionary approach to risk is: • Not just about technology • Applicable to all levels of a business • A matter of culture and philosophy • Integrated into how things are done everyday
- 7.
- 8.
- 9. PAVING THE PATHWAYTO SUCCESS To have a visionary team, you need a visionary leader. But there will be challenges in forging this new path: Innovation and Technology External Stakeholders Internal Challenge
- 10.
- 11. BECOMING A TRUSTEDADVISOR Source: PwC 2014 State of the Internal Audit Profession Study
- 12.
- 13. BROADENING AUDIT LANDSCAPE Comparisonof average audit plan composition between 2013 and 2014 shows that in very little time, the coverage of internal audit is broadening drastically. IA is now expected to allocate more time to business strategy, risk management effectiveness, and governance than ever before. Source: IIA, Pulse of the Profession, Enhancing Value Through Collaboration Audit Plan Coverage in 2013 vs. Audit Plan Coverage in 2014
- 14.
- 15. BUILDING A TEAMOF EXPERTS Gaining value from an investment in people and technology is a top priority when building your audit team. Effective data analysts are those who demonstrate critical thinking. Source: IIA, Pulse of the Profession, Enhancing Value Through Collaboration
- 16.
- 17. Adapted from: EDPACS,2014, Performing a Strategic Risk-Based Assessment RISK BASED AUDIT UNIVERSE
- 18.
- 19. RESULTS FOCUSED ANALYTICS Usinginsights to drive results in risk-based audits
- 20. Source: EDPACS, 2014,Performing a Strategic Risk-Based Assessment
- 21. DATA ANALYTICS FROMEND TO END First step to effectively incorporate data analytics within your audit process using a risk-based approach is to begin with the audit plan. Using data analytics will help to: • Focus your audit • Allocate resources effectively • Save time (less time onsite) • Learn more about the business
- 22. RISK AND CONTROLSASSESSMENT Purchasing Card Example:
- 25. DATA ANALYTICS FROMEND TO END In the execution phase, it is important to analyze 100% of the data during your audit execution in order to: • Eliminate sampling risk • Report on validated insights • Save time • Address control deficiencies • Establish a root cause analysis
- 26. NEXT STEPS Using dataanalytics from end to end within the audit universe requires a continuous stream of analytics processes. While not entirely the final step, using analytics within your audit report is important in gaining alliance with corporate stakeholders. Your audit report should: • Contain validated deficiencies • Highlight root causes • Provide recommendations • Be clear and understandable
- 27. MOVING AHEAD: DATADISCOVERY We currently use data as a tool to display findings in a unique and easy-to-digest format, but the future of audit lies in the ability to use visual data discoveries to enhance your audit potential and enable you to: • Visualize frequencies and anomalies • Probe further into visual discrepancies • Visualize a more in-depth picture of a controls framework
- 28. SUMMARY • Be creativeabout how you approach data analysis • Invest in the people and tools necessary for success • Provide value for management from data analytics • Eliminate sampling risk • Use data analytics to scope audit engagements
- 29. INTEGRATING DATA ANALYTICSINTO A RISK-BASED AUDIT PLAN Visit casewareanalytics.com Email salesidea@caseware.com
Editor's Notes
- #6 Why do we need to be proactive with a risk based approach? “Living at risk is jumping off the cliff and building your wings on the way down” - Ray Bradbury –
- #10 3 years ago, the VP, IA got audit committee buy-in to implement IT audit and data analytics capabilities within the department. Implementing advanced data analytics capabilities within a department cannot be treated as a “side of desk” job, but rather has to be treated as an all-out project Implementing data analytics requires people, process & technology
- #12 Established via added value, which comes from good (value added) recommendations. What is value added?: Quantifiable impact, expense reductions, process improvements Although a necessary part of the audit function, compliance audits are the least value added from the perspective of operations and understandably so. Therefore make the findings and recommendations (for action items) make sense by properly outlining the residual risk of NOT addressing the finding)
- #14 Talk about output (20% increase in audit reports – more coverage with same udgeted hours – not just a mile wide or mile deep)
- #16 The talent crunch: It is estimated that by 2018, between 150-180K jobs requiring deep analytical skills will be vacant. Another 1.5M managers and staff members who know how to analyse large data will be vacant. Hire talent, keep it and develop internally In our case, I was brought in 2 years ago, and am in the process of developing a secondary resource with expert analytical skills and plan on working with a 3rd staff member in the future. Advance data analysis skills are no longer an asset, but a requirement for a strong audit department.
- #21 Planning process before analytics: The inherent risk is known and interviews, process flow diagrams and control descriptions are used to identify residual risks (essentially unaddressed inherent risk); professional judgment is used in determining scope and objectives. How does data analytics contribute in planning? Another way in which to help identify residual risk; Another way in which to identify control failures; A tool (over and above professional judgment) to identify high inherent risk areas so as to include in the testing; and A tool to help identify potential control weaknesses to include in testing or findings Result: Smaller scope, less budgeted hours per mandate, larger and more value added coverage of risks. Also we deliver more reports in 1 year. ------------------------------------------------------------------------------------------------------------------------------------------- Testing process prior to data analytics: Random and Judgmental sampling based on scope. Substantive testing. How does data analytics contribute in testing? Targeted sampling Fine tuning of scope based on objectives (as new data is received) 100% sample testing as opposed to substantive sampling (when possible) Results: Less hours spent testing, more coverage of processes with 100% testing, greater coverage of risks