Audit and internal controls challenges on the use of "Data Analytics"


Corporations that are increasingly embedded in a digital convergence environment must build business processes based on reliable data processing frameworks. Today the competitive advantage of some organizations is based on their capacity for innovation and use of electronic processes.
In this digital environment both the internal audit as well as the internal controls area must have and be proficient in the use of Data Analytics tools in order to support data collection and also their evaluations.
I have observed, by participating in some events on the subject and also in some of our projects that audits are investing in the ability to collect data, but not so much, in their ability to analyze the data collected. I also see that most of the time auditors and internal control specialists are being spent behind a computer screen, which I think is a mistake.
There are excellent tools to perform the data collection in the format that the auditor wants parametrizable in various forms and models, however, this process will be effective if there is also capacity for analysis by the auditor. The investment must be in the tool and also in the human being to be proficient in the analysis of the data, including the peripheral data.
Now all of this will pay off if the organization's database is truly reliable. ERP platforms are great vectors for loss of integrity if not well structured, including your access process. In a survey conducted by KPMG in 2017 only 35% of respondents said they had a high degree of confidence in the use of various types of analysis in their organization, which to me came as a surprise, expecting a higher percentage even though large companies have experienced information integrity issues in their business processes.
Another interesting point in this research is that executives and managers are being asked to make decisions based on information generated by algorithms they did not create and that do not fully understand them either.
With this in mind, let's go back to internal audit and control and understand the challenges they must face to conduct your assessment work in this new digital environment.
First of all, it is very important that internal auditing and internal controls have in their team professional with information technology knowledge, in order to be able to act in the evaluation of governance and IT management as well as to support the operational professionals of internal audit and control.
The next point is to form an opinion about the degree of confidence that will be placed in the processing of information through digital systems, data management and its security, as well as in the analysis models used by the managers. For this my suggestion is to observe the three points below:
1. Assess whether database management has the appropriate governance and control system to quickly identify any possible breach of integrity, confidentiality, and completeness.
2. Evaluate whether the analysis models and the algorithms used are doing the right things in the right way, achieving the desired results.
3. Evaluate whether electronic accesses and interfaces between processes are consistent and appropriate for the context. Both analysis models and data sources must be able to be replicated in a sustainable manner.
I have no doubt that the use of more complex systems by corporations, including the use of Artificial Intelligence for business decisions, is an integral part of the new corporate environment, bringing new risks and new challenges to the whole management.
Auditors and internal control specialists should be aware of all of those changes and innovations, preparing themselves and getting the appropriate proficiency to create value for the corporation through the execution of their work

Share this:

Comentários

0 comentários:

Postar um comentário