As the volume of information companies collect from internal and external sources continues to grow, auditors have to embrace analytics to help them keep pace. Incorporating data analytics into audits, however, can be more challenging than it sounds. Even departments that have established audit objectives and are ready to go with their data analytics tool can have problems getting the right data to so they can start. In this presentation, Scott Jones, CIA, CRMA discusses the challenges and solutions around identifying, obtaining and verifying the right data to help you achieve your audit objectives. SLIDESHARE: www.slideshare.net/CaseWare_Analytics WEBSITE: www.casewareanalytics.com BLOG: www.casewareanalytics.com/blog TWITTER: www.twitter.com/CW_Analytic

1. HOW TO GET THE RIGHT DATA FOR YOUR
AUDIT IN 3 EASY STEPS
WEBINAR

2. PRESENTER
Scott Jones, PE, CIA, CRMA
President and CEO
Key Performance Initiatives Inc.

3. AGENDA
1. Data Challenges
2. Objective
3. 3-Step Process
• IDENTIFY the data
• LOCATE the data
• VERIFY the data
4. Benefits and Take-Aways

4. DATA CHALLENGES
Cohn, Michael. Auditors see increased demand for data analytics. Accounting Today, April 5, 2017
https://www.accountingtoday.com/news/auditors-see-increased-demand-for-data-analytics

5. DATA CHALLENGES
Difficulty obtaining, accessing,
and/or compiling the data*
* Stippich & Preber. Data Analytics. The Institute of Internal Auditors Research
Foundation, 2016

6. A CAUTIONARY TALE
“Send me all your data”

7. OBJECTIVE: 3-STEP PROCESS
• Define a 3 Step Process for obtaining the right data:
• Identify
• Locate
• Verify
“But clearly within the audit space, the use of data analytics is
considered the best practice of today and the future….”
Brian Christensen, Executive VP of Global Internal Audit and Financial Advisory, Protiviti

8. THE FUNDAMENTAL ASSUMPTION
• Effective IT Internal Control Framework
• IT General Controls
• IT Application Controls
• (for the source of the data)
• Without IT controls, the auditor cannot rely on the data
• Testing of IT Controls is beyond the scope of this webinar

9. 3-STEP PROCESS: FIND RIGHT DATA

10. STEP 1: IDENTIFY THE DATA
• Audit Objectives
• Audit Scope
• Data Analytics Objectives
• Audit Procedures

11. STEP 1: AUDIT OBJECTIVES
• Define specifically the intended outcomes of the audit
• IIA Standard 2210
• Objectives must be established for each engagement
• Derived from a risk assessment
• Consider: errors, fraud, noncompliance & other exposures
• Adequate criteria
• Examples
• Determine the operating effectiveness of internal controls for the
cash disbursement process.
• Assess compliance with the AP transaction approval policy

12. • Boundaries of the audit
• Process
• Location
• Time frame
• IIA Standard 2220
• The established scope must be sufficient to accomplish the
objectives of the engagement
• Consider relevant systems, records, personnel & physical properties
• Example
• Accounts Payable Process
• San Diego Region
• 2016
STEP 1: AUDIT SCOPE

13. STEP 1: DATA ANALYTICS OBJECTIVES
• Derived from Audit Objectives
• Scope should match audit scope
• Clearly defined purpose
• Examples
• To test the population of 2016 AP transactions of the San Diego
Region for indicators of fraud
• To test the population of 2016 AP transactions of the San Diego
Region for compliance with transaction approval thresholds
• To test the population of 2016 AP transactions of the San Diego
region to assure that purchases are from authorized vendors

14. STEP 1: DATA ANALYTICS PROCEDURES
• To achieve Data Analytic Objectives
• Examples
• Duplicates Test – invoice payments
• Join – vendor master file to AP data
• Summarization – identify high risk vendors
• Benford’s Law Analysis – anomalous frequency at
approval thresholds

15. CAVEAT RE: IPPF STANDARD 2310
• Internal Auditors must identify sufficient, reliable, relevant,
and useful information to achieve the engagement’s
objectives
• Sufficient – factual, adequate, convincing
• Reliable – best attainable information, using appropriate techniques
• Relevant – supports observations & conclusion, consistent with
objectives
• Useful – helps the organization meet its goals

16. STEP 2: LOCATE THE DATA
• Sources of Data
• Establish Relationships
• Data Request
• Types of Data

17. STEP 2: SOURCES OF DATA
• Self-service access
• Standard reports and queries
• IT or other third parties
• Audited entity – NOT a reliable source

18. STEP 2: ESTABLISH RELATIONSHIPS
• Who knows where the data are stored?
• Audited function
• IT
• Don’t rely on email
• Talk face to face
• Not just during the audit
• Seek to understand
• Availability
• Locations of databases
• Means of access
• Required authorizations
• Required security – PII, HIPAA, ITAR

19. STEP 2: DATA REQUEST
• Consider the Computer System
• Consider means of transfer
• Describe report
• Objective and scope
• Define fields
• Type of data
• Length
• Format
• Precision

20. STEP 2: TYPES OF DATA
• Character (text)
• Date
• Numeric
• Variable
• Continuous (Interval, Ratio)
• Discrete (integers, counts)
• Attribute
• Ordinal (ranked)
• Nominal (arbitrary classifications)

21. STEP 2: CHARACTER OR TEXT DATA
• Key consideration: Length
• Numbers imported as text may not be useful for calculations
• Check & Invoice Numbers – Numbers or Text?

22. STEP 2: DATE & TIME
• Key Consideration: Format
• Determine what the source reports
• Know what your software can import
• Format determines length
• Date only? or Date and Time?

23. STEP 2: NUMERIC
• Key consideration: Precision
• Source Precision
• Useful Precision
• Type of Data

24. STEP 2: TYPES OF DATA
• Variable
• Also referred to as Quantitative
• Types include Interval, Ratio
• Numbered
• Attribute
• Also referred to as Qualitative
• Types Nominal, Ordinal
• Good/Bad, Red/Yellow/Green
• Sometimes represented by numbers

25. STEP 2: HIERARCHY OF NUMERIC DATA
• Variables
• Real Numbers
• Continuous: All calculations are valid
• Discrete: Most calculations are valid
• Data may be treated as ordinal or nominal
• Ordinal
• Values represent ranked order of the data
• Calculations based on ordering are valid
• Data may be treated as nominal but not variable
• Nominal
• Values are arbitrary numbers that represent categories
• Only frequency calculations are valid
• Data may not be treated as ordinal or variable

26. STEP 2: LOCATE THE DATA

27. STEP 2: EXAMPLE DATA REQUEST
Report
Report Name Report Description Expected
Completion
Date
AP Report – San Diego Oracle report of account payable
transactions for KPI San Diego from
payment dates 1/1/2016 through
12/31/2016
5/31/2017

28. STEP 2: EXAMPLE DATA REQUEST
Fields

29. STEP 3: VERIFY DATA INTEGRITY
• Transfer the Data
• Completeness
• Reliability

30. STEP 3: TRANSFER THE DATA
• Minimize intermediary handling
• Options
• ODBC
• FTP
• Shared Drive
• SharePoint
• Print report or PDF
• Email
• Portable Media
• Consider security requirements
• Access management
• Encryption

31. STEP 3: COMPLETENESS OF DATA
• Compare record counts to source
• Reliability
• Compare control totals for numeric fields to source
• For all important numeric fields
• Watch for blanks reported as “Errors”
• Run Summarizations and evaluate reasonableness
• Check first and last dates
• Check key sequences for gaps and duplicates
• Example: Concur can report multiple records for one expense report
• Compare to print reports

32. STEP 3: VERIFY DATA INTEGRITY

33. BENEFITS & TAKE-AWAYS
• IDENTIFY
• Data relevant to audit objectives
• LOCATE
• Independent sources
• Communicate face-to-face
• Specific requests
• VERIFY
• Data integrity
• Minimize transfer handling
• Completeness
• Reliability

34. Learn more about
CaseWare IDEA Data Analysis
Contact us at salesidea@caseware.com to
schedule a demonstration

35. HOW TO GET THE RIGHT DATA FOR YOUR
AUDIT IN 3 EASY STEPS
WEBINAR
Visit casewareanalytics.com
Email salesidea@caseware.com