Auditor Struggles, Part 4

This is Part 4 of a Case File series that describes how real auditors tried to apply questionable methods to auditing and data profiling. See Part 1, Part 2, Part 3.

Does the Process X team provide metrics around their process?” I asked.

“Yes,” the most senior auditor replied, showing me the web page where the Process X metrics were displayed.

After reviewing the page briefly, I said, “I see they do metrics by month. You have a year’s data; are you planning to understand how they prepare their metrics and re-calculate them to see if you get the same numbers?”

“No, we weren’t,” the most senior auditor replied. “Why would we do that?”

“Are those metrics reviewed by management?” I asked. After the auditor confirmed this, I asked, “You don’t want to ensure that management is being provided accurate metrics?”

“I am sure anyone providing numbers to senior management is going to ensure their numbers are accurate,” the auditor said with contempt.

“I am not so sure,” I replied. “It wouldn’t be the first time IN THIS COMPANY I’ve discovered that management was provided incorrect data.”

“Isn’t that what internal audit does?,” I questioned the team. “Verify? Give assurance? Discover errors?”

No one said anything. By this time, I was wondering why they asked for my help.

It was obvious that they originally had thought they had covered everything and that I would be pleased.

I could tell that they didn’t think that any more.

Recap

Before we wrapped up the meeting, I summed up my suggestions for the audit team:

  • Make sure you get all the appropriate data.
  • The more you understand the data, the better you can decide what makes sense to profile. You asked good questions of your clients, you just didn’t wait for the answers.
  • Don’t profile all your data fields, only the critical ones that drive behavior, controls, or revenue.
  • The more distinct values in each column, the more it make sense to create a one-field pivot table; don’t waste your time filtering.
  • Don’t spend time gathering data that you aren’t sure you need.
  • Don’t assume that people always summarize and present the right data accurately.* Always verify.

*Didn’t these auditors just prove the veracity of this statement?

What do you think?

Leave a comment

Filed under Audit, Case Files, Data Analytics, Excel

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.