Conventional IT Audit

Internal audit must assess the controls in place to decrease the risks that businesses face in order to guarantee that they achieve their goals. The term ‘IT audit’ was used to distinguish this approach from ‘conventional’ internal auditing.

IT auditing is becoming the industry standard for internal auditing. According to the Chartered Institute of Internal Auditors, risk-based internal auditing enables internal audit to reach the following conclusions:

1. Management has identified, assessed and responded to risks above and below the risk appetite.
2. Responses to risks are effective but not excessive in managing inherent risks within the risk appetite.
3. Action is being taken to correct situations where residual risks are not in line with the risk appetite.
4. Risks, responses and actions are being properly classified and reported
5. Risk management processes, including the effectiveness of responses and the completion of actions, are being monitored by management to ensure they continue to operate effectively

The primary differences between big data analytics and classic basic analytics are speed, efficiency, and the integration of numerous data kinds. Over the last decade, significant advances in technology have enabled organizations to handle data considerably more efficiently and quickly by employing specialized analytics tools and software to do data processing. Organizations may now acquire information, conduct analytics, and draw observations and conclusions in real-time or near real-time, and from a variety of data sources, allowing them to make educated choices and gain a competitive advantage they did not previously have.

Data analytics usually involves several types of technology being applied together in order to harness the most value from the data provided, which includes the following examples:

Data management

Process of acquiring, organizing, validating, securing, and processing data to ensure that such required data are accessible, reliable (meeting the required standards for data quality), and timely.

Data mining

Examining data to discover patterns and establish relationships such as connections, sequences, and correlations between several events.

Predictive analytics

Analytics aims to predict the future outcomes of a set of data input. Such analytics usually involve statistical algorithms techniques and machine learning technologies that predict the likelihood of future outcomes based on historical trends and outcomes.

Text analytics

Analyzing text data by combing through text from websites, emails, books, documents, social media, and other text-based sources to gain useful insights for the user with the aid of machine learning and natural language processing technology.

The application of data analytics broadens the audit beyond typical sample-based testing to encompass the study of large populations of audit-relevant data, therefore improving the quality and scope of audit evidence. Existing analytic tools, such as IDEA and ACL, may execute a number of analyses depending on the parameters provided by the auditors and then offer lists of exceptions for the auditor to analyze.

However, machine-learning technology will take data analytics to a whole new level. Data analytics supplemented with machine learning technology can learn based on the auditor’s past judgments about the analysis’s results, such as whether the exceptions detected are legitimate or false positives.. Hence, for this instance, the more conclusions the machine learns from the auditor, the better it is in identifying the exceptions.

Businesses are already expecting auditors to provide additional insights and value to the organization as part of the audit, thanks to the use of technology and innovation. The utilization of data analytics and machine learning will undoubtedly be the most important solution for the audit profession to give greater value to customers.

As previously stated, auditors can use data analytics and machine learning to highlight not only financial reporting issues, but also other value-adding findings as part of the overall audit findings that clients were previously unaware of, such as the relationship between certain factors and business performance, significant drivers affecting business performance, key business risks, and red flags to fraudulent activities.

The auditor’s duty will shift from performing administrative operations to designing procedures, interpreting analytics data, and exercising professional judgment on conclusions based on these interpretations.

The move to this future would take time since it would need a huge shift in the profession’s approach from traditional audit methodologies to one that completely incorporates data analytics and artificial intelligence in a seamless manner.

The challenge

Some of the challenges implementing data analytics in IT Audit:

1. Equipping auditors with the right skills

Auditors nowadays must deal with complicated company models that do not necessarily work in the same manner as more traditional ones.

Technological advancements have resulted in more sophisticated systems with higher capabilities, and the auditor needs some insight into and understanding of how these systems function in order to audit the business successfully. This poses a problem in terms of properly training and educating our future auditors, and it has ramifications for the pre-and post-qualification training choices that we provide.

2. Entry barriers for smaller firms

There is a concern that smaller audit companies may be unable to justify the large financial commitment, human resources, and training necessary to successfully apply data analytics in the audit process, resulting in the emergence of a two-tier audit system.

Furthermore, some smaller companies may withdraw from the audit market in order to give more of a business advising service to their customers, particularly those who voluntarily chose for an audit as a result of the raised audit exemption criteria.

3. Interaction of analytics with current auditing standards

The dependability of the data given by the customer may be a difficulty, and some controls testing will almost certainly be necessary to verify that adequate, trustworthy, and suitable audit proof is created. As a result, there is considerable confusion about how the use of data analytics interacts with and meets the International Standards on Auditing (ISAs).

4. Expectation gap

The use of data analytics may generate an expectation gap among stakeholders who believe that because the auditor tests 100% of transactions in a certain area, the client’s data must be 100% correct. This may lead to false expectations of the auditor in terms of detecting fraud and/or inaccuracy.

Furthermore, it is unclear how this sort of testing can meet the completeness assumption because it will only be conducted on transactions that are already in the system.

5. Data security, compatibility, and confidentiality

The auditor faces a problem in determining how much of the data collected from the client can be relied on as comprehensive and correct.

Data analyses are now being done using the auditor’s own software on data retrieved from the client’s system. There may be compatibility concerns between these two systems, and the task will be to ensure that the extracted data is correct, full, and dependable and that it does not become damaged throughout the extraction process.

There may also be client confidentiality/data protection concerns about the level of access the auditor has to confidential and sensitive information, as well as the security and anti-corruption procedures put in place to ensure the information’s integrity.

Conclusion

Data analytics technologies that can communicate directly with client systems to gather data may analyze and report on every transaction and balance. The expansion in computerization and transaction volumes has shifted audit away from an investigation of every transaction and balance, and the risk-based approach that was adopted has widened the expectation gap even more.

Data analytics has the potential to correct some of this balance and provide auditors with the opportunity to evaluate additional transactions and balances. This may improve the chances of detecting certain types of fraud or the ability to identify inefficiencies and opportunities for a client’s business, but it still cannot predict the future, and the need for auditors to assess judgments and the firm’s future as well as the past means auditors will not be replaced by computers anytime soon.