assurance
More power for internal audit
assurancenews
Focused data analysis can uncover problems, opportunities
BY DONALD E. SPARKS
Our economic situation has prompted many companies to rethink how they conduct business,
which includes taking a closer look at expenses in an effort to control costs. Accountants and
internal auditors should be working aggressively to identify weak or missing controls, reduce risk,
and detect fraud in an effort to offset the lower revenues most companies are experiencing.
While system and data errors can serve as a
breeding ground for fraud and abuse, internal
auditors can apply data analysis techniques
to identify issues within the organization’s
data. Data analysis tools allow the auditor
to interrogate large volumes of data, and
run multiple queries to look for and extract
unknown information, which assists in detecting internal control violations, errors and
potential fraud.
For example, travel and entertainment expenditures are often a significant business
expense and may be the difference between
generating a profit or loss for the period. By
conducting regular audits of T&E expenses,
organizations can improve internal controls
over employee costs and establish a tone of
compliance for all employees to follow.
When auditing T&E expenses, the auditor needs to gain a clear understanding of
processes for approving, recording and reimbursing expenses. Data analysis may be used
during the planning phase by providing summary information for scoping purposes, such
as calculating average amounts. If the data
is available in electronic format, the auditor
may use a pivot table to prepare summaries
of expense types by employee and extract the
most frequently reimbursed employees or
those who charge the majority of their travel
expenses to “miscellaneous,” which should
be a rarely used option on expense reports.
This preliminary information can be shared
with management to justify the time and resources needed for a full review.
As risk assessments are conducted each
year, internal auditing and management
should look for gaps in controls, and work
to improve expense monitoring activities.
Data analysis tools can help identify the root
causes of why procedures are redundant,
missing, deficient or defective.
An appropriate risk-based methodology
will help set audit priorities based on probability of occurrence and impact. Areas to review and test may include business information systems and the business units that own
or maintain each system, data life cycles for
each system, and system permission levels.
Obtaining T&E expense reporting data is
a key step for auditors and management, including how the data is collected and managed. With adequate and reliable data, internal audit can assess T&E processes and
look for opportunities to leverage savings,
or identify fraud. Some data sources to consider are: employee reporting forms, pre-trip
booking, travel agency booking, credit cards,
budgets, travel advances, authorization levels
and foreign exchange currency rates.
During the testing phase, internal audit
should identify, analyze, evaluate and record sufficient information to achieve the engagement’s objectives. Testing should cover
the accuracy and propriety of the expense
report transactions, as well as the integrity
and reliability of the performance management information system. Various volume
and service level agreements may require
testing as well.
Auditors must provide the necessary documentation to support findings and communicate the conclusions. Report-writing is
another audit area where data analysis can
be used to align the test results with the report requirements. Data analysis tools help
maintain the history of analysis activities to
support audit conclusions and ensure the auditing work did not introduce data integrity
and reliability issues into the workpapers.
During the closing conference, the internal
audit team should share experiences that will
help strengthen monitoring activities and improve future audits. This should include recommendations to management about how
to be sure that past or new problems do not
arise, which may be accomplished weekly,
monthly or periodically through continuous
auditing and monitoring.
Continuous auditing is not a tool, but rather a process for auditors to follow for planning, risk assessments, control assessments
and use of technology to perform audit work.
It can bridge the gap between the audit report
and the practice of ensuring that the identified issues have been rectified.
STANDARD WOULD TIGHTEN
PROSPECTUS REPORTING
NEW YORK — The International Auditing and Assurance Standards Board has
proposed a new assurance standard to
address the process of compiling pro
forma financial information included
in prospectuses. The newly proposed
standard is designed to enhance public
confidence in how such financial information is produced.
The proposed standard, Assurance
Reports on the Process to Compile Pro
Forma Financial Information Included
in a Prospectus, deals with information
necessary in many forms of domestic
and cross-border securities offerings that
illustrates the impact of an event or transaction on an issuer’s financial information. It provides guidance on the nature
and extent of a practitioner’s work when
reporting on whether the process of
compiling pro forma financial information
has been properly followed. It also covers
related engagement acceptance and
reporting considerations, and provides
an illustrative report arising from such an
engagement.
To access the exposure draft or submit
a comment, visit the IAASB’s Web site at
www.iaasb.org/exposuredrafts.php. Comments are requested by Sept. 30, 2010.
Donald E. Sparks is a vice president with
Audimation Services Inc., a provider of data
analysis technology and training services.
Reach him at dons@audimation.com.
CALIBRATING THE RESPONSE
While internal auditors are responsible for
telling management where controls are working as designed, they are also responsible for
uncovering significant errors, irregularities or
noncompliance, and being alert to fraud. The
first step in developing a response is determining the level of response needed — extensive, moderate or minimal. The application
of data analysis can assist in these areas to
help search for errors and irregularities, and
tests may be used by the operating units to
improve internal controls.
While general office applications such
as spreadsheets are familiar to most staff,
they may not be sufficient for auditing techniques including acquiring, merging, sorting
and sampling data. Data analysis tools are
designed specifically for conducting audits
— to match and join data from multiple
sources, search for specific text, and use date
and time fields.
AN EXAMPLE
The following is a brief case study of how expense reports became a starting point of the
development of a continuous auditing approach that helped reduce risk and improve
overall controls.
See POWER on 17
NASBA NAMES NEW COO
NASHVILLE, TENN. — The National Association of State Boards of Accountancy has
promoted Ken Bishop to the job of chief
operating officer.
Bishop has served as senior vice president at NASBA, as well as past chairman
of the NASBA CPA Mobility Task Force,
the CPA Examination Administration
Committee and the NASBA Executive
Directors Committee. He has also served
on the American Institute of CPAs’ Board
of Examiners. Bishop will succeed former
COO and current executive vice president Joseph T. Cote, who will retire from
his post on Jan. 1, 2011.
In addition, NASBA announced that
the former vice president of its Professional Credential Services subsidiary,
Denise Hanley, has been promoted to
president and CEO of the subsidiary. She
will succeed Bishop in this position.
