Professional Documents
Culture Documents
Data Analytics and Audit Coverage Guide
Data Analytics and Audit Coverage Guide
04 Data Analytics and Audit Coverage Guide: 15 Technical Features and Functionality
Sample 1
16 Cost
05 What is Data? 17 Readily Accessible Tools
06 Data Becomes Information for Reporting 18 Audit Software
07 Reports With Data Analysis Are Designed 19 Data Analysis Methodology
08 Defining Data Analysis 20 What Can I Do with This Stuff?
09 Getting Your Data 21 Where are we heading?
10 Where the Data Came From
22 Data Analytics and Audit Coverage Guide:
11 Data Outputs Sample 2
12 Choosing the Right Data Analysis Software
23 Setting the Stage: Data Analysis Defined
13 Internal Auditing Strategic Objectives
24 What is Data?
14 Provider and Implementer Support
25 Data Becomes Reports
2
TABLE OF CONTENTS
3
DATA ANALYTICS AND AUDIT
COVERAGE GUIDE: SAMPLE 1
WHAT IS DATA?
Employee
Name
Division Sales Amount ID
General Ledger
Quantity Customer
Price (GL)
Number
Account
5
DATA BECOMES INFORMATION FOR REPORTING
Data File
Inventory Report
Quantity
Unit Extended
Warehouse Part Description Quantity
Cost Cost
1 xx xx xx xx xxx
Part
Number Client 1 xx xx xx xx xxx
Application 4 xx xx xx xx xxx
Program
4 xx xx xx xx xxx
Unit Cost
10 xx xx xx xx xxx
10 xx xx xx xx xxx
Warehouse
Number
6
REPORTS WITH DATA ANALYSIS ARE DESIGNED
Summarized by Part
Number
Data File(s)
Part
Number Data Analysis
Techniques
Excess Inventory
Unit Cost
Warehouse
Number Customer Name
Unusual Items
Customer ID
7
DEFINING DATA ANALYSIS
Data Analysis
The extraction of data from a company’s information system in order to perform data selection,
classification, ordering, filtering, translation and other functions to provide meaningful information
about business processes.
8
GETTING YOUR DATA
9
WHERE THE DATA CAME FROM
• Data warehouse
• Production system
• Test environment
10
DATA OUTPUTS
File Output
File Output Options
Options
• Excel
•• Text
Text
• System proprietary
• System proprietary
Delimiters
Delimiters
11
CHOOSING THE RIGHT DATA ANALYSIS SOFTWARE
12
INTERNAL AUDITING STRATEGIC OBJECTIVES
13
PROVIDER AND IMPLEMENTER SUPPORT
14
TECHNICAL FEATURES AND FUNCTIONALITY
15
COST
Upgrade fees
16
READILY ACCESSIBLE TOOLS
Microsoft Excel
• Advantages
− Incremental costs are easy to learn but do not exist.
• Disadvantages
− Import and data processing capabilities are limited.
− A join/grouping functionality does not exist.
Microsoft Access
• Advantages
− Import capability/interfaces with other databases are improved.
− Analyses relate to one another.
• Disadvantages
− SQL knowledge is heavily relied upon.
17
AUDIT SOFTWARE
• Advantages
− Data handling and processing speeds are efficient.
− Data analysis functionalities are built in.
• Disadvantages
− Learning curve/script writing is hard.
IDEA
• Advantages
− Graphical user interface/visual scripts are efficient.
− Audit procedures and output reporting are effective.
• Disadvantages
− Advanced statistical analysis is limited.
18
DATA ANALYSIS METHODOLOGY
Example:
Analysis Statement 1: Verify that group purchase/requisitions orders have an associated invoice in the accounts
payable system.
Step 1: Extract line items with the desired cost/group codes from all data sets.
Step 2: Group POs in access using a select query and include the PO number.
Step 3: Group ROs in access using a select query and include the RO number.
Step 4: Compare the AP data table to the PO select query (we want to capture POs that don’t have an invoice
number).
Step 5: Compare the AP data table to the RO select query (we want to capture ROs that don’t have an invoice
number).
Step 6: Review the results (noting POs and ROs that have no invoices attributed to them).
19
WHAT CAN I DO WITH THIS STUFF?
• Establish templates that can aggregate your line-item data to dashboards for quick review.
• Review past information to detect issues, correct them and establish means to prevent it from occurring again.
• Raw historical data forecasting should involve a level of statistics for more meaningful results.
20
WHERE ARE WE HEADING?
21
DATA ANALYTICS AND AUDIT
COVERAGE GUIDE: SAMPLE 2
SETTING THE STAGE: DATA ANALYSIS DEFINED
Data Mining
23
WHAT IS DATA?
Name Employee ID
Division Sales Amount
24
DATA BECOMES REPORTS
Sales Employee
Name Division
Amount ID
Transaction Transaction
Date Username Type
Customer Price GL
Quantity
Number Account
Warehouse
Number
25
YOU DESIGN REPORTS WITH DATA ANALYSIS
Name Division
Sales
Amount
Employee
ID
Summarized by Part
Number
Transaction Transaction
Date Username Type
Data File
Excess Inventory
Quantity
Customer
Part Data Analysis Verified Extensions
Name and
Number Techniques and Footings
Customer ID
Unit Cost
Unusual Items
Warehouse
Number
26
THE SIX ELEMENTS OF INFRASTRUCTURE
Information
Processes are facilitates the Automation and
Policies define Informed decisions
assigned to key definition of data integrity meet
processes. are based on reports.
owners. controls. needs.
Processes do not People lack the Reports do not Methodologies do Information is not
carry out established knowledge and provide information not adequately available for
policies or achieve experience to for effective analyze data and analysis and
intended results. perform the management. information. reporting.
processes.
27
CRITICAL SUCCESS FACTORS AND COMMON
PITFALLS (1/6)
Business Business People and Management Systems
Methodologies
Policies Processes Organization Reports and Data
28
CRITICAL SUCCESS FACTORS AND COMMON PITFALLS
(2/6)
Business Business People and Management Systems
Methodologies
Policies Processes Organization Reports and Data
29
CRITICAL SUCCESS FACTORS AND COMMON
PITFALLS (3/6)
Business Business People and Management Systems
Methodologies
Policies Processes Organization Reports and Data
30
CRITICAL SUCCESS FACTORS AND COMMON
PITFALLS (4/6)
Business Business People and Management Systems
Methodologies
Policies Processes Organization Reports and Data
31
CRITICAL SUCCESS FACTORS AND COMMON
PITFALLS (5/6)
Business Business People and Management Systems
Methodologies
Policies Processes Organization Reports and Data
32
CRITICAL SUCCESS FACTORS AND COMMON
PITFALLS (6/6)
Business Business People and Management Systems
Methodologies
Policies Processes Organization Reports and Data
• Understand how applicable data is captured and reported in operational and financial systems.
− Procurement is handled through payments.
− Sales are handled through cash applications.
− Payroll and expense reimbursement occur.
− General and subledgers are used.
− Bank information is utilized.
− External databases are used.
• Understand system interfaces (automated and manual).
− Advocate automating data capture where practical.
• Know the audit tools available and their capabilities.
• Select the right tools for programs/procedures.
• Focus on driving efficiency over time vs. initial investment.
33
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Data Analysis: Suggested Approach
34
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Possible Examples for Consideration
GL and Journal Entry Examples Travel and Entertainment Examples
35
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Case Study 1
• Global management consulting, technology services, and companies with offices and
operations in more than 50 countries and annual revenues in excess of $21 billion are
outsourced.
• Internal audit (IA) personnel used ACL to perform limited analyses as part of quarterly
Background companywide journal entry (JE) reviews of more than 13 million journal entry lines. All
analyses were performed manually through the ACL graphical user interface.
• IA personnel were using Excel to perform limited analyses for employee time and expense
(T&E) testing.
• Implement routines (e.g., scripts) in ACL to automate the existing limited JE and T&E
analytics.
Project • Create additional automated testing routines to be executed as quarterly continuous controls
Objectives monitoring (CCM) procedures.
36
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
JE Testing Overview
• Quarterly Companywide JE Review
− Data integrity testing, such as reconciliation to control totals, analysis
of reporting period and search for blanks in key fields is done.
− An analysis of JE approvers on an authorized list and an analysis of
manual and automated entries by document type were performed.
Entries where the document header or line item text is blank were
identified.
• CCM: Data Exploration
− Classify unique values for key data fields, including company code,
transaction code, manual vs. automated flag, year/period and
currency.
− Statistics on amount and posting date fields are used.
• CCM: Duplicates Testing
− Identify duplicates (same account and amount) for manual JEs.
• CCM: Fraud Analytics
− Keyword search for items, such as “plug,” “miscellaneous,”
“temporary,” “adjust,” etc.
− Entries posted in the top 10 countries in the corruption perceptions
index listing are evaluated.
− The same person should enter and post all manual JEs.
• CCM: High-Risk Account Entries
− Identify all entries posted to “high-risk” accounts.
• CCM: Timeliness of Postings Analysis
− Calculate the number of days between journal entries and posting
dates.
37
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
T&E Testing Overview
• General Data Overview
− Create record count and dollar amount totals by year and month (i.e.,
to reconcile to control totals).
− Classify unique values for key data fields, including expense type and
entry date.
− Identify the top 100 highest and lowest transaction amounts.
− Use the statistics on amount field.
• T&E Population Analyses
− Identify transactions just under $XX threshold for receipts per U.S.
policy.
− Extract all transactions that are around multiples of $XXX.
− Perform approval threshold analyses for certain expense types per
policy, including training/publication greater than $XXX, business deals
greater than $XXX and travel/other greater than $XXX.
− Identify potential duplicates using multiple sets of criteria.
• Expense Type Analyses
− Identify all transactions for certain expense types assessed to be high-
risk, including “Gifts, Floral, Tickets and Promotional Items,”
“Miscellaneous,” “Non-Standard Office Supplies,” “Technology
Supplies” and “Charitable Contributions.”
• Keyword Search
− Keyword search for items assessed to be high-risk, such as “gift,” “car
repair,” “rent,” “pet,” “movie,” “apartment,” “doctor,” “furniture,” “laptop,”
“clothes,” “tuition,” “laundry,” etc.
38
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Summary of Value
JE Testing: Sample Results From One Quarter
• The amount of time to perform quarterly JE review procedures, including manual analyses through the ACL GUI,
was reduced from approximately XX-XX hours to XX-XX hours.
• Additional CCM test results include:
– XXX journal entries (more than XXX journal entry lines) where the same individual entered and posted the JE
occurred.
– Nearly XXX JE lines were just under the $XX approval threshold.
– XXX JE lines with the word “plug” were entered, XXX JE lines with the word “miscellaneous” were entered and
nearly XXX JE lines with the word “temporary” were entered.
– XXX JEs where the posting date was more than XX days before the entry date occurred.
– More than XXX journal entries were posted in countries in the top 10 of the corruption perceptions index,
including nearly XX journal entries with line amounts greater than $XXX.
• More than XXX expense transactions with the word “wine,” XX containing the word “laundry,” more than XXX with
the word “golf,” XX with the words “doctor” or “surgery,” XX with the word “clothes” and XX with the word “iPod”
were identified.
• Nearly XXX transactions with round dollar amounts that are multiples of $XXX were identified.
• All transactions requiring separate approvals per policy, including XXX transactions exceeding the business meal
threshold, XXX above the training/publications threshold and more than XXX exceeding the “other expense”
threshold were identified for additional testing.
• More than XXX potential duplicate transactions with the same personnel number, expense date, charge code,
expense type and amount were identified.
39
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
More Examples for Consideration
Procure-to-Pay Examples Order-to-Cash Examples Information Technology
• Vendor Master File Analysis • Cash Receipts and Timely Posting • Access Rights Analysis
• Number of Inactive Vendors With Analysis • Multisystem Segregation of Duties
Activity • Customer Credit Ranking Analysis Analysis
• Payments to Inactive Vendors (Amounts and Authorization) and • Last User Sign-On Analysis
• Duplicate Vendors, Invoices and Customer Activity Analysis • Employee Master Records Analysis
Payments (Payments and Credits) • Duplicate Employee IDs Analysis
• Vendor to Employee Match • Write-Off Transactions Analysis • Change Management Authorization
• Benford’s Law Analysis – Invoice, (Authorization and Timeliness) • New Hires/Terminations
Payments, PO and/or Credit • DSO Analysis by Order Date, Bill • Problem Management Analysis
Analysis Date and Payment Received Date • System Logic Analysis (Write-Offs
• Missed Discounts: Late • Unfulfilled Customer Purchas and Refunds)
Payments Orders Analysis • Benchmarking Reports (Determine
• Authorization and Analysis of PR, • User Analysis the accuracy of system reports by
PO, Invoice and Payment • Customer Account Aging Analysis utilizing actual transactional and
• Aging AP and Credit Processing • Holiday Activity master data [i.e., compute what the
Analysis values should be based on
• Holiday Activity business rules and then compare
• Void/Reissue Payment Analysis them to actual monthly reports].)
• Payment Gap Analysis
• User Analysis Between Vendor
Setup, Voucher and Payment
Processing
• Debit Memos/Adjustments Analysis
• Overpayments/Refunds Analysis
(Unused Credits)
40
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Sample Results: Supplier Statement Audits
Supplier statement reviews can be a significant driver for identifying unused credits or outstanding checks, which
result in near-term cash recovery.
41
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Sample Results: Payment Terms
Nonstandard or “unfavorable” payment terms should be analyzed to determine opportunities for either payment
discounts or extending to more favorable terms.
xx, x%
Discounted
Discounted Terms
Unfavorable Terms Terms
17%
xxx Invoices (xx%) 17%
Less than
30 Days No
Net 30+ Discount
No
Discount Less than
xx, xx% 30 Days No
xx, x% xx, x% xx, x% 40%
Net 30+ Discount
xx, x% xx, x% No
xx, x% xx, x% 43%
Discount
xx, x%
40%
Observations
• XX% of all nondiscount invoice terms required payment in less than the standard 30-day payment terms.
• $XXX in invoice spend (XX%) had immediate payment terms.
42
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Fixed Assets
• Estimate/recalculate depreciation. • Look out for aging CIP.
• Verify that accumulated depreciation does not • Facilitate item master cleanup.
exceed cost for any asset.
• Search for negative depreciation.
• Identify “credit” assets.
• Use inconsistent/outlier useful lives/depreciation
• Identify land that is depreciating. methods.
• Identify assets assigned out of the useful lives • Perform a post-addition percentage analysis
policy. (how much more cost added after depreciation
started).
• Determine the assets setup with the cost below
the capitalization threshold. • Search for aged and fully depreciated assets.
• Estimate the impact to P&L of • Perform an asset-classification analysis (leased
increasing/decreasing capitalization threshold. vs. fixed or long-term vs. short-term).
• Review for duplicate asset setups. • Compare the asset turnover ratio to the industry
average.
43
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Inventory
• Inventory by type summary is identified. • Inventory vs. sales analysis is done.
• Inconsistent costing is identified. • Potential excess inventory is identified.
• Inconsistent units of measure with the same unit • Margin review occurs.
costs are used.
• A user analysis between the purchase order and
• Category types are verified. receipt is done.
• Cost analysis is extended. • An inventory adjustment analysis (write-offs) by
items, users, locations, transaction type and time
• A quantity analysis is done.
of day is performed.
• A per unit cost analysis is performed.
• An inventory adjustment analysis (returns) by
• Current vs. prior-year cost comparison setup is items, users, locations, transaction type and time
performed. of day is done.
• Reports of unit cost changes are used based on • A scrap activity analysis is performed.
prior-year quantities and current-year unit costs. • Negative inventory balances and/or inconsistent
• Sales analysis is done. fluctuations in inventory accounts between
months are identified.
44
HOW DO WE USE THIS AND WHAT ARE SOME GOOD
EXAMPLES?
Lessons Learned
Senior management buy-in is crucial for the success of any controls
monitoring projects.
You have a tremendous opportunity to drive value and be an agent of positive change in your
organization!
45