Steve Biskie is Best Practices Program Director for ACL Services, who writes market-leading data analysis software for internal auditors. ACL software like its peers from IDEA and SAS, among others, is an excellent tool for exception queries and structured data. At Visual Risk IQ, we use IDEA and ACL to analyze millions of records and isolate dozens of exceptions to be investigated by internal auditors. Results are often high-value, and can be made repeatable (i.e. Continual or Continuous Auditing) by automating data extraction and combining with workflow. Caseware Monitor (formerly known as SymSure for IDEA) and ACL's AX/2 are examples of emerging tools for continuous auditing.
Dr. Dan Kneer has retired from Academia and runs a firm called Dan Kneer Advisors. The Holy Grail of auditing according to Dr. Dan is regression analysis, and he advocates using the tool "already on every auditor laptop" (i.e. Microsoft Excel). Dr. Dan focuses on trending queries (e.g. the relationship between sales and costs of sales, or between sales and commissions) to identify outliers to be investigated in greater detail. Trending queries like regression analysis are highly useful, but we would advocate their use together with exception queries. And since IDEA and ACL each have regression analysis features, we would advocate using those tools instead of Excel due to improved audit trails and logging, as well as ability to work with datasets larger than 1 million rows. Dr. Dan's emphasis on analytical procedures have merit, and should be a component of a Continuous Auditing program.
Robert Mainardi's classes on continuous auditing receive high evaluations, in part because he keeps it simple. Strengths include visual reporting of risks and controls (color-coded heatmaps in MS-Office) and consistently reporting the results of audit procedures. A downside, per SAP's Norman Marks, is that "Mainardi designs continuous audit programs for clients that has limited use of technology. Missing the boat" We respectfully disagree with Mr. Marks. Instead of focusing on what's missing, let's focus on what's there. We see Mainardi's glass as at least half full, and would recommend that trending queries and exception queries be combined as part of the continuing auditing that Mainardi recommends.