Risk based auditing approach has become the de facto standard for auditing. Internal auditors and forensic accountants are increasingly being required to apply risk-based approach to all facets of their work. The importance and benefits of risk-based auditing is crystal clear for all who cares to see.
In this article on risk-based data analysis, I will be exploring the steps forensic accountants and internal auditors can practically and efficiently analyzing data using a risk based methodology for maximum efficacies in results. We perform data analysis in all fields for various reasons – the contents of this article will be tailored towards meeting the organizational goal of mitigating and preventing frauds.
What is risk based data analysis?
A risk based data analysis is a relatively new methodology that starts the process of data manipulation from the stand point of gaining understanding of the dataset (present data or future data) through the use of questions. This way of analyzing data is increasing becoming popular as more big data creation tools are released every day.
Five risk based data analysis process for auditors and forensic accounting experts
Enquiry and questioning stage: just like every risk based engagement, the starting point is to ask questions about a given situation. For the purpose of analyzing data, the questions are geared towards understanding how best to go about the given task. Examples of questions to ask during this enquiry stage are:
- What do I intend to achieve through analyzing this data? This in other words means that your objectives for embarking in the data analysis exercise needs to be clear. Your risk register and audit plan would be of immense help here.
- Will the dataset provide me needed insights? The critical success factors for this exercise will be evaluated at this point.
These datasets may or may not be given to you. So, when the data is not provided to you, the questions you have asked above would act as a compass that direct your data gathering efforts.
Data gathering can be done in many ways. Depending on the area you are working on, it may be as simple as downloading dataset from a database (example could be the stock exchange), scraping webpages, plugging into an API or as difficult as building your own dataset through manual process of capturing data. Ready made data can come in a variety of format.
There may also be a need to combine data from multiple sources, in varying quality and quantity.
Data wrangling stage: this is the phase where data are gathered if not given already, assessed for consistencies with objectives, available tools, methodologies that you are exposed or conversant with, etc and cleaning that dataset. Data wrangling phase is what most people consider to be the most crucial phase of risk based data analysis as the output will go a long way in ensuring the quality of product of the whole process will not be questionable or compromised.
Data probing stage: this is when you explore the data for possibility of augmenting the data with the aim of maximizing the ease / potential of being a fit for your analysis and visualization efforts. This is where tweaks are made to the features and outliers removed so that the end result will not be significantly altered.
This sometimes is referred to as the due diligence stage as it ensures that all the ‘T’ is crossed and all the ‘I’ are dotted. Data analysts commonly refer to this phase as EDA (Exploratory Data Analysis) stage of data analysis. This is because this is where free flow critical thinking is used to really make sense of various components of the dataset.
Conclusion stage: the major task here is to establish a pattern or behaviour and then use these to either make a prediction or make an inference. However, the nature of internal audit and forensic accounting tends to restrict these professionals from making inferential claims. So, the conclusions that are made here are purely based on the actual facts.
Although there is not wrong with making conclusion based on indirect evidence but in order to limit the litigation exposure, it is highly recommended to stick to conclusions that are backed by concrete direct evident.
Communicate stage: it is generally agreed that accounting is a major communication tool. Therefore, forensic analysts or auditors that are involved in risk-based data analysis must be excellent in numerical communication and other forms of communication. The conclusion(s) derived from the conclusion phase must be clearly communicated in the language, format and volume that is understood by the intended recipients of the output.
Most times every member of the internal audit team is assigned different tasks, the person that is saddled with the responsibility of analyzing the data must be able to communicate findings to other teams’ members for their use. Always remember that your analysis is only as good as your ability to communicate it to others in a way that they fully understand what it is you are communicating.
Follow up stage
Note that the data analysis tasks end at communicating findings. This further step of follow up is standard in all audit engagement, it is not part of the data analysis process but definitely forms a crucial part in the audit or forensic accounting process. You have to follow up with the recipient of your conclusions to make sure that they are inn agreement with all that you have posited.