Monday, September 14, 2009

IIA Presentation on Continuous Auditing - Thanks Baton Rouge!

Thanks and congratulations to the Baton Rouge IIA, who filled the room with more than 75 people for a one-hour lunchtime CPE session on making the journey From Data Analysis and Continuous Auditing. This was a terrific turnout for most any chapter, but especially for one the size of Baton Rouge, which is a testament to the effectiveness of their officer group. Thanks much Amanda, Renee, Staci and all other volunteers for their work to encourage such great attendance.

We opened the session with the thought-provoking "Did You Know" video to help the audience appreciate the rapid growth of digital information, and challenge the audit profession on how to keep pace with this growth. Sampling 25 or even 200 transactions just isn't enough when modern software allows us to test every transaction for control effectiveness, as frequently as daily or more.

Thirty of the 75+ lunchtime attendees stayed for the remainder of the afternoon for a more detailed discussion of the journey toward continuous auditing, where we explored Visual Risk IQ's proprietary continuous auditing maturity model in greater detail. During the last hour, we brainstormed ways to use disparate data for more innovative testing for identifying fraud. The group did an outstanding job, as evidenced by some of the following creative test suggestions:

- For a finance company that makes consumer loans to consolidate debt, compare the account numbers for payments made to credit card companies against account numbers of finance company employees, to make sure that funds are not diverted at closing from the consumer making the loan.
- For almost any organization, compare vendor address and phone numbers against employee home and emergency contact information in HR and Payroll files for possible undisclosed conflicts
- For a state agency, compare external information about known deceased individuals / SSN's to benefits payments made to employees and retirees
- And many others....

In each case, the participants suspended their "I'm not sure which file to ask for" and brainstormed what data would add to the effectiveness of their testing. By thinking about risk and controls, without the restrictions of "it would be difficult because....," some really excellent ideas were explored and discussed.


No comments: