Why You Need to STOP Using Spreadsheets for Audit Analysis
-
Upload
caseware-analytics -
Category
Data & Analytics
-
view
241 -
download
1
Transcript of Why You Need to STOP Using Spreadsheets for Audit Analysis
REASONS YOU NEED TO STOP USING SPREADSHEETS FOR AUDIT ANALYSIS
AUDIT SOLUTION
WHY WE LOVE SPREADSHEETS
• Constant use = familiarity• Easy to share • Database-like features• Data import, analysis, and report generation functions
PROBLEMS WITH SPREADSHEETS
Definition: A program in which users enter numerical values or data into rows and columns, and use these entries for calculations, graphs, and statistical analysis.
Data values can easily be altered – even accidentally
VLOOKUP and other formulas break easily but not always easily detected
SPREADSHEETS ARE RISKY
Despite familiarity, spreadsheets lack data integrity
Difficult to replicate analytics
Difficult to “debug”
Difficult for someone new to take ownership
I’m afraid I accidentally copied last years spreadsheet numbers into this
years annual report.
Soo…. Are they close?
DATABASES
A data management system that is able to handle larger data volumes than spreadsheets and provide robust data exchange
Complicated User Interface
Complex scripting knowledge required
No point and click solutions available
CAAT
• Computer Aided Audit Tools • Offers comprehensive approach compared to traditional
audit sampling methods• Facilitates more granular analysis of data • Delivers more definitive results because the entire
population of data can be tested
CAAT: BEST OF BOTH WORLDS AND MORE
ATTRIBUTE SPREADSHEETS DATABASES CAATS
Familiarity High Low Low
Ease of learning Medium High Medium
File size Small Large XLarge
Speed Slow Fast Fast
Data Integrity Accidental or intentional data changes
Imported data more secure
Imported data always secure
Routine audit analysis Build it yourself Build it yourself Pre-built
Audit trail Create manually Create manually Automatic
Pull in PDF reports Painful Painful Simple
Data matching None None Many
AUDIT ANALYTICS
CAATs
Timeliness
Secure
Read-Only Data
Access
100% Data Coverage
Pre-Built Analytics
Automate Processes
DATA ACQUISITIONCaseWare IDEA helps you import and export data from and into a multitude of formats – including files originating from mainframe computers and accounting software (ODBC Connection to JDE) (SAP Import tool)IDEA
WORKING WITH IDEA
Pivot Tables
Reports
Charts
Exports
History
Project Overview
Automate
Import from virtually any source – from PDF to ERP
Extract • Sort • Search • Group Calculated Fields • Stratify • Summarize
Age • Gaps • Duplicates • Sample Statistics • Join • Append • Compare
1. Import Data 2. Perform Analysis 3. Review Results
PRE-BUILT ANALYTICS
• Aging• Duplicate Detection• Benford’s Law• Summarization• Stratification• Gap Detection• Advanced Statistical Methods• Multiple Sampling Methods
PRE-BUILT ANALYTICS: AGING
Use the Age Band column as the column field in the Pivot Table.
The oldest (i.e., first) date should be older than the oldest record. For simplicity, use “1” (1/1/1900) as the date. This will represent the “X days +” band.
• Complicated equations• No data integrity
• User friendly interface• Data integrity • Enter a few values,
receive results
PRE-BUILT ANALYTICS: BENFORD’S LAW
Frequencies predicted by Benford’s Law for First Digit, Second Digit, and First Three Digit tests.
• Not intuitive• Can easily override values• No drill down feature• No custom graph
• User friendly • Read-only access• Drill down feature• Custom graph
AUTOMATIC AUDIT TRAIL
IDEA automatically records all changes made to a file (database) and maintains an audit trail of all operations carried out, including the import and each audit test
CAATS IMPROVE AUDIT EFFICIENCY
Before Audit Analytics- Painful data collection and prep- Data corruption may not be
detected- Analysis difficult to repeat
consistently- Limited to sampling with large
data sets- Manually documented
With Audit Analytics
✔ Easily collect & prepare data
✔ No risk of data corruption
✔ Easily repeat analysis consistently
✔ Easily review 100% of data
✔ Automatically self-document
Inefficient, Incomplete, Unreliable Automated, Extensive, Reliable
HOW TO DETERMINE RISK
Before Audit AnalyticsRandom/Stratified Sample
With Audit AnalyticsExamine 100% of data
Risk missing key insightsData quality issueUnreliable results
✔ Quantify exact risk✔ Quickly dig deeper into data if
merited✔ No risk of data corruption
TEST FREQUENCY
Before Audit Analytics1 to 3 times per year
With Audit AnalyticsUnlimited (Monthly, Weekly, Daily)
Missed opportunitiesLack-luster reports
✔ Timely remediation✔ Insights into strategic risks
WHERE CAATS HELPArea SpecificsRevenue • Billing • Order to Cash
Expense• Purchase to Pay • Travel & Expense• Vendor terms
• Purchasing cards• Compensation
Working capital • Payment timing• More accurate forecasts
IT• Segregation of Duties • Authorized access only• Server configuration for performance & security
Compliance• AML (financial services)• FCPA• Evidence of proper controls
IMPEDIMENTS TO 100% DATA INSPECTION
Existing tools not up to the job New tools too difficult
“businesses also tend to have expensive “shelfware” that no one uses”
- Data Analytics, ISACA
Excel data limits Data impurities Shelfware
FINDING DUPLICATES
• IDEA clients find duplicate payments even when ERP “won’t allow” them
Area Control Data Analysis
Purchasing of Goods
Application should not allow duplicate payments.
Obtain purchase order dataValidate that no duplicate payments were processed.
POs older than 3 months will not be processed.
Obtain a list of all POs processed. Determine if POs older than three months were processed.
Creator of PO can’t release/approve same PO
Obtain a list of all POs created (by originator)Obtain a list of all POs released or approvedDetermine any inappropriate segregation of duties (SOD)
Payment
Application should not allow duplicate payments.
Obtain list of all payments made to vendors in last 12 months. Determine duplicate payments, for example: Same vendor ID, amount but different invoice number Same vendor ID, invoice number but different amounts Different vendor ID with same bank account detail.
Segregation of duties (SOD) Obtain a list of who has processed payment & who created the PO. Determine if inappropriate SODs existed.
INTERNAL CONTROLS ANALYTICS
SUMMARY
CAATs• Can import infinite amount of data• Meet Industry standards• Commands are simple & audit purpose built• Provide the ability to perform discovery and in-depth
analysis
CLOSING THOUGHTS
“CaseWare IDEA complemented our staff very well as running the analysis did not involve having any programming knowledge. Our team was able to leverage their domain expertise and get results very quickly.”
Chief Audit ExecutiveUS Higher Education Institution
LEARN MORE ABOUT CASEWARE IDEAContact us at [email protected]
REASONS YOU NEED TO STOP USING SPREADSHEETS FOR AUDIT ANALYSIS
AUDIT SOLUTION
Visit casewareanalytics.com Email [email protected]