Part 1 of this blog focused on the emerging role and importance of Audit Analytics. Part 2 looks at examples and Practical applications and implications for auditors.
A selection of data analytic examples
Below are a set of tests that could be used to do more detailed testing. The objective for the external auditor is build up a library of tests that can be used across clients / industries and can be constantly updated.
- Matches between employee and vendor master files. A common fraud is to establish a false vendor account. A simple test is to look for matches between employee and vendors addresses, bank account details and telephone numbers. The test requires access to both master files. .
- Duplicated payments. This requires the testing of multiple combinations of parameters e.g. date, invoice number and Key challenges around these tests are to detect any reversals that have been processed. The issue here is avoid “telephone book” reports that are counterproductive. The auditor should not assume that system level controls will always detect duplicates. Often the applications are written so as to detect duplicates entered on the same day or if a default is set to “on”. Invoice numbers can be altered to allow multiple processing where duplicate processing is controlled.
- Payments to employees following termination. A common fraud is to reactivate the accounts of terminated employees and continue to pay them into a different bank account. Alternatively, to continue to pay employees for a limited period after termination. The test should match the employee masterfile with the payment transaction file to look for payments after termination date.
- Payments to fictitious employees. Another common fraud is creating a false employee record. This test looks for tell-tale duplicates in the employee master file regarding addresses bank accounts and telephone numbers. Of course, many exceptions will arise where a business employs husbands and wives or undeclared associations.
- Employee with unusual proportions of overtime. This test can detect manipulation of employee records. It may also highlight poor rostering practices as well as OHS exposures.
- Employees with regular hours credited while on leave. This test may require accesses to the time capture system and the employee mater The test identifies ordinary time being credited to employee employees while taking leave.
Accounts Receivable (AR)
- Changed invoice dates. The valuation of debtors is effected by the age of invoices. A comparison on of the AR files can identify changed invoice dates.
- Matching of employee and customer details. A common fraud is to have ordered goods delivered to an employee address.
- Multiple accounts for the same customer. In a disparate and divisonalised business, a customer may have more than account Customers may maximise their credit terms by manipulating the use of multiple accounts. Multiple accounts can be identified by matching details such as ABNs and street addresses.
- Aging of the debtors: re-aging of unpaid invoices for comparison to a client’s aged debtors
- Aging of items in clearing and suspense accounts. Aging of items in suspense and clearing accounts.
- Manual journals affecting control accounts. Manual journals can be interrogated to look for entries to specific accounts.
- Suspicious Journal Entries: Journal entries made at suspicious times (weekends, late night) or to accounts not often used
- Testing of cut-off violations. Manual journals can be tested to identify entries to closed periods.
- Unauthorised posters. No segregation of duty in cases where person raising journals may also post them. Analysing the manual journals by users, by account affected and other analytical criteria.
- Unusual or duplicated warehouse adjustments. Perpetual inventory records can be manipulated through warehouse adjustments. These records can be tested to look for large entries before and after cut-off including duplicated
- Slow moving items. Depending on the nature of the stock files, stock on hand can be interrogated for slow moving stock (ageing of stock).
- Incomplete three way matching. Tests can be devised to identify unmatched invoices and purchase orders. Identifying Open Purchase Orders or re-use of Purchase Orders.
- Recalculation of depreciation. tests to recalculated depreciation for reconciliation to client balances;
- Aged assets. Aged assets still being written off can be identified.
The above examples are not complete by any means. However, before starting down the analytics route, there are some important caveats to note
- Some tests should be very carefully considered before effort is expended on them. A good example is the recalculation of interest balances in financial institutions. The algorithms supporting these calculations are often very complex. Users of data analytics should set realistic targets for test development.
- The landscape is relatively straight forward for internal auditors; however, the varied client base facing external financial auditors means that a significant effort will be required to develop the capability to be able to develop and repeat tests for various clients using different systems.
- Select and use a tool that is “fit for purpose”. You need a technology tool that can analyse millions of records, joins various formats together, important from any datasource and most important, be read only to preserve the integrity of the data. In addition, provide an audit trail of the analysis performed. A valuable consideration is the ability to automate and repeat the “library of tests” for various cli
Implications for auditors
The intention of this article is not to diminish the role of control reliance in external audits. The approach continues to be very relevant. However, the reliance on controls exclusively has inherent limitations, and so substantive testing is required in riskier areas. The targeted use of data analytics in high risk business processes has the potential to deliver substantial cost savings and show increased value creation by the external audit process.
The use of data analytics (as a dimension of continuous auditing methodology more broadly) by both internal and external auditors has the potential for inefficiencies in the duplication of audit procedures. With large volumes of data it has been suggested that the frequency of monitoring and testing may be best performed by internal auditors leaving the external auditor to focus more heavily on higher and peer level analytics and be an independent certifier of the internal audit continuous auditing system.
Whilst it is still relatively ‘early days’ in terms of such audit innovations the availability of modern audit data interrogation tools and techniques is creating exciting and valuable opportunities for the auditing profession.
 Chan D.Y. and Vasarhelyi, M.A. 2011. Innovation and practice of continuous auditing, International Journal of Accounting Information Systems, 12, pp. 152-160.
Enjoy this 2 part blog series on Audit Analytics?
Grab our complete guide: “Audit Analytics – Practical applications and implications for auditors“ or download it below:
Gavin Steinberg is the CEO of Satori Group and industry expert in Data Analytics, Budgeting, Forecasting and Financial Consolidation, and Continuous Control Monitoring. Gavin’s passion is helping companies to see the value that can be achieved through automation, understanding their data and bringing this to life through visual communication and assurance.