Analytics in Internal Auditing

In the context of internal auditing, analytics is the analysis of a large population of data to obtain insights and improve business performance, reduce risk, and maximize business value. Applying analytics to the internal audit process can facilitate moving beyond the traditional internal audit activities toward an environment of more sophisticated risk analysis and monitoring.

Analytics consists of three major areas: descriptive analytics, predictive analytics, and prescriptive analytics.

• Descriptive analytics answers the questions: What has happened in my business? Why has it happened? What do I know about my customers, competitors, suppliers, etc.? Examples of this are business intelligence (BI), reporting, advanced visualizations, etc.
• Predictive analytics answers the questions: What is likely to happen? What is likely to be true about my customers, competitors, suppliers, etc.? Examples of this are forecasting, regressions, data mining, simulations, etc.
• Prescriptive analytics answers the questions: What should I do? What is the best course of action given what I know and what I think will happen? Examples of this are optimization, mathematical programming, heuristic algorithms, etc.

As the business landscape for most organizations becomes increasingly complex and fast paced, there is a growing movement toward leveraging advanced business analytic techniques to refine the focus on risk and derive deeper hindsight, insights, and foresight into the organization. Business analytics holds incredible promise to enhance the internal audit process. Key to delivering on this promise is embedding analytics into the culture of the internal audit function.

However, to derive the benefits, the internal audit function must acquaint itself with the knowledge of this great tool. One of the biggest challenges that the internal audit process faces today is the expectation of the audit committee that internal audit should support the business by delivering deeper insight and greater value more efficiently and effectively. Some of the more challenging expectations of internal audit include:

• More effectively identifying and responding to risk
• Delivering more robust and effective analysis of key issues
• Providing more meaningful actionable insights
• Driving change within the business