The internal Audit Foundation in collaboration with Grant Thornton recently released a report in which over 200 chief audit executives (CAEs) and directors shared their perspectives on leveraging data analytics to generate and elevate value.
The majority of internal auditing teams are already prioritizing data analytics and automation as a tool to add value to all internal audit teams regardless of their size. As opportunities to increase value the report mentions continuous auditing, a broader risk sensing ability, data-driven reporting and the reduction of IT vulnerability.
When asked for the three areas where data analytics provided the most value, CAEs focused on the following areas:
- Internal controls evaluation
- Fraud detection
- Compliance monitoring
The assessment of internal controls can be automated and freeing up resources to focus on exceptions and more valuable operational audits. Analytic algorithms analyzing large volumes of data can help identify fraudulent transactions that might be difficult to prevent or detect through traditional means. Compliance monitoring analytics provide real-time assessment and continuous data, allowing CAEs to have a better understanding of compliance and organizational performance.
There is a high commitment to invest time and resources to achieve high quality data analytics. In terms of tools the CAEs are looking for functional and easy to use technology that can access the necessary data and that provides on demand e-learnings.
Nevertheless, audit teams encounter obstacles that impede the effective implementation of analytics and automation. The three primary challenges include inadequate data quality or accessibility, lack of expertise and experience, and difficulties in establishing data connections. Addressing these challenges typically involves acquiring experience and knowledge through actually using technologies, providing training for staff, and collaborating with experts.
Organizations need to prioritize areas where internal audit can deliver assurance, mitigate risk, and generate value. The abundance of data presents significant opportunities to leverage it for risk identification and monitoring, enhanced assurance, regulatory compliance mitigation, and cost recovery. To maximize analytic progress and increase ROI, the following five opportunities are mentioned in the report:
- Add value beyond just assurance – Use KRIs and continuous auditing to monitor risks and exceptions.
- Enable broader risk-sensing – Shift from siloed analytics to a holistic view of risk and root causes.
- Shift toward data-driven reporting – Enable data-driven management by providing data analytics to management, boards, and stakeholders.
- Mitigate the impact of IT vulnerabilities – Make realistic plans based on organizational resources.
- Validate and prioritize – Achieve quick wins by focusing on high-value use cases and prototypes.
- Track ROI – Show the value, progress, and results of your data analytics activities and investments.
You can find the full report here.