There has never been more pressure on finance leaders to ensure
integrity in internal auditing and controls. Boards of directors want
assurance that official financial statements are squeaky clean, with
every piece of data in tables and in footnotes double-checked. There’s
zero tolerance for such funny business, as a business unit booking
revenue in one quarter while pushing related costs to the next.
In the digital age, manual/random audits no longer cut it. Companies
with millions of transactions to
audit need a more reliable way to gauge
who and what needs to be investigated — before accidental errors or
intentional malfeasance blow up to damage the company’s reputation and
hurt investors. The pioneers are looking for solutions in
technology-enabled auditing tools and processes.
How prevalent are such problems? In an effort to reveal how financial
management organizations use data analytics in their internal controls
function, APQC examined the number of internal control violations per
year per 1,000 employees at 70 companies. The best performers had 3.51
violations or fewer, while the worst performers were dealing with 34.23
violations or more. (See graph below.)
For a 10,000-employee company in the bottom quartile, that’s more
than 340 controls violations annually. Consider, too, that this 340
number represents the best performance among the laggards. And that’s
counting just the ones that were reported – many more could be slipping
below the radar. These companies may be exposed to integrity thieves and
not even know it.
How are the top quartile companies keeping violations down? APQC also
looked at what percentage of companies in the data set has automated
their primary controls. Companies in the top quartile had automated at
least half of their primary controls. At the other end of the spectrum,
the bottom quartile had automated 11.54 percent or fewer of their
primary controls.
It’s safe to say that more automation means fewer control violations.
All things being equal, it’s much easier to make an unintentional error
or fudge an accounting entry when data are processed and audited
manually. It’s also a whole lot more likely that a system screening 100%
of transactions will find suspicious activity that a random audit might
miss.
Automated transaction-processing systems, and direct links between
systems, can cut down on the manual line-item journal entries that allow
room for errors and bad intentions. If your company is seeing a lot of
corrections, adjustments, and manual non-recurring journal entries,
chances are your internal controls aren’t actually keeping things under
control.
As companies invest in internal audit automation, the companies they
hire to audit them are doing the same, on a larger scale. A recent
Wall Street Journal
article noted that the Big Four audit firms have invested millions of
dollars in advanced data analytics and artificial intelligence
technologies that can be customized to each client and told to crawl
through enormous volumes of data, identifying outliers, recurring
patterns, and audit risks.
These intelligent platforms use advanced algorithms to actually
“learn,” making comparisons and spotting trends across a vast sea of
data. They don’t take vacation days, they never get sick, and they work
around the clock. But as powerful as they are, AI auditing systems can’t
replace the humans working behind the desks in your audit department.
The souped-up systems just allow people to make optimal use of their
time and to focus on the “red flags” that might never have popped up in a
traditional audit.
But all the automation in the world can still miss big problems if
the intelligent auditing systems aren’t asking the right questions.
Those are all about finding things that will have a real impact on
business strategy. It doesn’t happen in a vacuum: Truly successful
analytics are enabled by nicely fitting intersections among technical
capabilities, enterprise knowledge, data governance, and smart
leadership.
It’s time to move beyond basic automation and start asking the right
questions. Because the robots aren’t just coming to change the world –
they are already here.
Mary C. Driscoll is a senior research fellow in
financial management at APQC, a nonprofit business benchmarking and
research firm based in Houston.