Abstract
Auditors are being challenged to make better use of data analytics to identify and assess emerging areas of risk. Traditional methods are not timely and too labor intensive. Business risk changes rapidly and auditors need to implement a continuous assessment process that will allow them to adjust audit plans as risks change. Since this requires access to, and the analysis of, information residing in enterprise resource planning and other information systems, IT auditors are often called on to provide the technical advice and assistance. Therefore, it is important for IT auditors to understand how quantitative indicators of risk can be employed to address this problem.
Notes
i. PriceWaterhouseCoopers; Internal Audit in 2012; 2012; http://www.pwc.com/us/en/internal-audit/assets/pwc_ias_2012.pdf
ii. PriceWaterhouseCoopers; The Internal Audit Analytics Conundrum—Finding your path through data; December 2013; http://www.pwc.com/us/en/risk-assurance-services/publications/assets/pwc-internal-audit-analytics-data.pdf
iii. Gartner; Gartner Says Organizations Using Predictive Business Performance Metrics Will Increase Their Profitability 20 Percent by 2017; http://www.gartner.com/newsroom/id/2650815
iv. COSO; Developing Key Risk Indicators to Strengthen Enterprise Risk Management—How Key Risk Indicators can Sharpen Focus on Emerging Risks; http://www.coso.org/documents/COSOKRIPaperFull-FINALforWebPostingDec110.pdf
v. IBM Institute for Business Value; Orchestrating Risk-adjusted Performance Management; http://www-935.ibm.com/services/it/gbs/pdf/cfo_portal_orchestrating_risk.pdf
vi. PriceWaterhouseCoopers; Internal Audit in 2012; 2012; http://www.pwc.com/us/en/internal-audit/assets/pwc_ias_2012.pdf
vii. PriceWaterhouseCoopers; The Internal Audit Analytics Conundrum—Finding Your Path through Data; December 2013; http://www.pwc.com/us/en/risk-assurance-services/publications/assets/pwc-internal-audit-analytics-data.pdf
Additional information
Notes on contributors
David Coderre
Dave Coderre — currently on assignment at Telfer School of Management, University of Ottawa — has more than twenty-eight years of experience in the data analytics field in a variety of settings. He has led numerous audit projects, performed comprehensive risk analysis, and developed digital analysis and data mining tools and techniques to support fraud investigations. He is currently teaching a course on data analytics to prevent and detect fraud. Dave is the author of Fraud Analysis Techniques Using ACL (2009), which provides a series of 36 ACL scripts designed explicitly to detect fraud as well as a complete self-study course on ACL scripting; and Computer-Aided Fraud Prevention and Detection: A Step-by-Step Guide (2009) which describes data analysis techniques to detect fraud, waste and abuse. He is also the author of Internal Audit: Efficiency through Automation (2008).