The Data Analytics Dilemma - How Do I Get Started?

By: Scott Freinberg, Director of Risk Advisory

Scott Freinberg

Director of Risk Advisory Services

The Data Analytics Dilemma – How Do I Get Started?

I’m sure anyone who has been to a recent conference or training event has heard the terms “data analytics” or “big data” used excessively. As organizations become increasingly data dependent, and advances in technology such as Blockchain continue to make data more readily available there is an increasing interest in figuring out how to access and utilize this data effectively in internal audit. While there is a lot of discussion around data analytics, there hasn’t been much guidance on how to integrate data analytics into the Internal Audit Department (“IAD”). One of the questions we are frequently asked by our clients is “How do I get started?”

IADs that have successfully integrated data analytics into their processes employ many methods. Traditionally, use of data analytics within the IAD focuses on auditing large data sets in an efficient and effective manner. One example of this testing strategy is establishing exception criteria and evaluating a full population of specific transactions using tools such as IDEA or ACL. Other more advanced data analytics users have ventured into leveraging visualization tools, such as Tableau, and advanced analytics tools, such as R, to support audit results and integrate data visualization into final audit reports. Visualization enhances Stakeholders ability to grasp the audit results and eases the C-suite’s consumption of audit information. The most sophisticated data analytics users have begun to leverage predictive analytics, IBM Watson for example, to predict where issues will occur and focus/plan audit activities. While it is great to hear how Internal Audit departments are leveraging data analytics, it still takes us back to the question “How do I get started?”

Once budget and resource support is in place, the most important step in setting up a data analytics function within your IAD is ensuring an effective data governance process is in place. Policy and procedures should be in place detailing how data should be vetted prior to use and where data can be sourced. One of the common issues we see at our clients is data users accessing what is believed to be like-data from different data access points, and later determining that it does not reconcile. The causes of variance may be due to data manipulations occurring during the data flow process, or the timing on when data is transferred or processed between data access points. The key to ensuring consistency in the use of data is strong data governance to establish data standards. Otherwise the saying, “garbage in, garbage out” will likely come into play.

After establishing a data standard, it is time to select tools that will be leveraged and what resources will be responsible for owning the data analytics process. As mentioned previously, there are many data analytics tools available and each has its benefits depending on the goals (e.g. audit execution, visualization, predictive analytics) of the data analytics function. Additionally, resources should be assessed to determine if the Internal Audit department has bandwidth to staff the data analytics function in house, whether an external hire is needed, or whether a co-source or out-sourced partner makes sense. Our experience is that a co-sourced model is most effective. A co-source partner can bring their perspective, experience, and familiarity to the table, and work with internal resources who understand the business to develop a sustainable data analytics function that can ultimately be maintained internally with outside guidance as needed.

Once resources and tools have been determined, it’s time to figure out how to use data analytics in practice. A good starting point is to look at audits completed in the prior year and determine if there was an opportunity to leverage data analytics from a planning, execution, or reporting standpoint. Another good place to start is to look at what data is available and determine if there are any data sets ripe for data analytics. It is always advantageous to get a few “quick wins” that show the value data analytics brings to the audit process to gain momentum.

Another important step in building out a data analytics function is educating the business on Internal Audit’s data analytics capabilities. It is ideal to have the business thinking about how data analytics could be used to make the audit process more efficient and effective, simultaneously looking for opportunities to leverage analytics in their internal controls. Internal Audit departments who have successfully rolled out data analytics functions often work closely with the business to help develop continuous monitoring controls that the business executes and Internal Audit will ultimately audit.

If successfully implemented, a strong data analytics function will lead to enhanced audit planning, execution, and reporting. It will also strengthen relationships with the business who can turn to Internal Audit to consult them through leveraging data analytics in their day to day functions. With continuous changes in technology, increased use of big data, and the inevitable path towards open-sourced data, every Internal Audit department should be considering how they will leverage data analytics going forward. Hopefully you now have a few tips to get started!

More in Data Analytics and Risk Advisory