Abraham Lincoln once said that if he had eight hours to chop down a tree, he would spend six sharpening his axe. Proper preparation can save hours of effort and apply that additional time savings to more value-add work. The built-in data visualization tools in IDEA can be used to gather large amounts of data from disparate systems in varying formats, then distilling the data down into something useful.
Some advanced preparation, such as locating and verifying information and identifying high-risk transactions, can save hours (if not days) for field auditors. A global corporation using IDEA wanted to better prepare its site auditors by sending them into the field with exceptions to review with the respective owners. Since not everyone is interested in coding and scripting, they wanted to provide an automated process to prepare for on-site work.
A team of auditors with data analytics experience and an understanding of the database system structures led the effort. They began by analyzing contracts, then integrated scripting to enable event monitoring for T&E and purchasing card data.
The initial steps towards automation included defining and mapping the data analytics universe to determine what data needed to be analyzed and where it was stored. For example, the audit universe included financial, operational compliance and health, safety and environment data (HSE). They also utilized resources available from CaseWare, The IIA, ACFE, ISACA and CEB. Once the data universe was mapped, they created primary data cubes and developed lists of key fields needed, such as amounts, dates, etc. Extract, transfer, load (ETL) was used to download all transactions and create a repository within IDEA. They also used SmartExporter to extract data directly from their ERP for analysis.
Auditors worked to understand database system structures and standardize the report acquisition method. IDEAScripts and custom @functions were used to streamline testing, including ranking transactions by risk level. Each test was developed to run against different data sets with just a few clicks by the end user. Auditors fine-tuned their strategy to reduce the number of false positives, adjust thresholds to meet specific requirements and identify root causes of anomalies.
The extensive work of mapping and assessing the risk universe has helped the company move from ad-hoc analysis to an automated approach using a full population of data. Field auditors now review exceptions with the respective owners and are more prepared for on-site work. Dashboards and visual analysis tools facilitate sharing of analytic results and key findings with stakeholders across the world.
With an automated system in place, auditors now conduct monthly audits globally using a suite of tests to identify high-risk transactions, detect duplicates and search for potential fraud. For example, purchase order reviews that were done on a site-by-site basis are now performed globally.
Auditors can risk-rank every transaction in the database, flag anomalies and keep history logs of identified items to prevent overlap between annual audits. The comments feature within IDEAScript provides end users with process narratives, which explain the function and purpose of each test.
Auditors continue their quest to understand the data, increase the sophistication of current scripts and create new scripts. IDEA has helped the company transition from random to repeatable analysis to improve the identification of high-risk transactions and processes.