Data Analytics: Identifying and Responding to Business Risks Efficiently

Every time a company processes a transaction there is risk. Be it accidental errors such as duplicate entry, incorrect posting, and transposing numbers or intentional misconduct, all might be difficult to spot. As technology has advanced, so has the speed and volume of transaction processing. More is done in less time, which potentially increases the likelihood of error.

What can be done to prevent or mitigate these risks? Internal Controls. When designed properly, Internal Controls can detect a risk once it happens, or better yet, prevent a risk from happening in the first place.

Under the COSO Internal Control-Integrated Framework, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations.*

An example of an internal control is the three way match between a Purchase Order, a receipt of the goods and the related invoice. The control is that the match ensures that the invoice has the authorized price from the Purchase Order and that the quantity agrees to what has been received.

Designing an effective system of Internal Controls is just the beginning. Once designed, it is important to test the Internal Controls to make sure they are operating effectively. The traditional method for testing would investigate a sample size of roughly 25 invoices. If there are exceptions, the sample size will be increased. If there are no exceptions in the first 25, the Internal Controls were deemed effective. Without automation, this is the typical way to test the transactions and make assumptions on the entire population by extrapolation since there are too many transactions to manually test each one.

But what if there were errors, just not represented within the sample? Using CAATTs is the answer.

Computer Assisted Audit Tools and Techniques (CAATTs), is the practice of using software such as Excel or Access, or specialized Audit software such as ACL or IDEA, or ERP specific tools built into SAP or Oracle to automate or simplify the audit process. CAATTs are an efficient way to test all transactions, providing 100% assurance on the effectiveness of Internal Controls.*

What are the benefits?

• Large amount of data can be examined efficiently
• Timely identification of business risks and exceptions
• Business days are not interrupted with information requests to pull paper samples
• Once established, running the tests is simple and very cost-effective

What are the drawbacks?

• Setup time requires IT resource knowledge and availability
• Knowledge of the software to create the tests accurately
• Different system applications at different locations requires different tests to be created

To learn more about using CAATTS to identify and respond to business risks more efficiently visit www.vonyaglobal.com or contact Vonya Global for a free consultation.

* Excerpts taken from www.wikipedia.com