Data Analytics in Internal Audit

Data Analytics in Internal Audit

To monitor and analyse the operational effectiveness of an organisation, an internal auditor plays a pivotal role. Gathering data, validating documents, generating results and providing feedbacks is the responsible of an internal auditor and becomes tedious for n number of reasons. To aid the work of an internal auditor, technology is playing an important part. By using Data Analytics tool not only fastens the process but makes it easy to locate loopholes in an organisations.

Top management of an organization relies on the internal audit report regarding the organizations risks, control environment, operational effectiveness, and compliance with applicable laws and regulationsInternal Audit for an organization is performed in an organization by the employees of the organization or external agenciesThe role of the Internal Auditor is very key, and the report to be submitted to the client or top management is very vital, as decisions are taken based on the report.  

Traditionally, the internal auditors use to verify the key contracts and used to do vouching of the documents created during the period. It is a time-consuming process and also a challenge to do in this manner when the organization expands leaps and bounds. Physical vouching is also a challenge in the case of big organizations, as all the documents cannot be verified. Coupled with this, the pandemic like situations where it is becoming to conduct audits traditionally. To meet these challengesthe Internal Auditors across the globe are embracing technology. The advantage of adopting technology is to validate and vouch for more transactions in a short spanidentifying potential frauds taking place in the organization or which have happened.  

The adoption of technology in Internal Audit is nothing but the usage of data analytics. Data is the new oil for the organizations. Data throws a lot of light on consumer behaviour, the patter of the sales, pattern on the purchases, etc.. All these are key elements in determining the strategy of the organization from time to time. In a pandemic situation, the external world is very volatile, and it has to be monitored constantly. With the drop in sales and lack of timely payment of salaries to employees, such employees tend to commit frauds to mee their daily needs like fudging the sales numbers or raising fictitious invoices, or changing the bank details of the suppliers when payments are being released. All these potential frauds or frauds which have taken place can be detected using data analytics. The main role of the Internal Auditor is to verify the effectiveness of the internal controls so that frauds or misappropriation or embezzlement of cash does not take place. Data Analytics can be used as a tool by the Internal Auditor to identify such cases. Now let’s understand what data analytics is. 

Data Analytics is a process of inspecting, cleansing, modelling, and transforming data to highlight data consistency, providing meaningful information, providing suggestions, and helping for structured decision making. 

How does it work? 

Implementing data analytics is an integrated approach and not a standalone process. The internal auditor’s team has to comprise team consisting of  

  • An expert from the industry  
  • A technical expert who knows the Database and able to develop queries  
  • Functional Expert, who can guide the Technical Expert to build and execute queries  
  • Communications Expert – to communicate with clients, handle change management & prepare reports  

`As it is an integrated approach, the audit team should consist of experts who will work in tandem and assist it in analysing the huge volumes of data and provide meaningful data for decision making. 

The process of implementing data analytics can be broadly classified into three steps, and they are  

  • Planning 
  • Execution  
  • Reporting  


The internal auditor has to decide in which areas the data analytics will be implemented. Once the area is finalized, the transactions have to be identified. These two steps will be based on the high-risk area for the first time.   


Execution refers to the process of implementing the areas in which data analytics will be implemented. In this process, the internal auditor has to monitor the queries being developed and identify the potential risk and also, if possible, project the risk for the future based on the data being analysed. 


The next important step is reporting, and the Internal Auditor has to ensure that the reports with the valid data is submitted to the client/top management. The report should also identify the root cause analysis along with the exceptions, if any. 

Types of Data Analytics  

Before executing the Data Analytics, the Internal Auditor should know the types of analytics he is going to perform are. It will assist him in preparing the audit universe and also interact with the concerned teams.  

Descriptive Analytics:  

Basis on the data availability, past trends will be known, and based on how it might happen in the future can be predicted.  

Diagnostic Analytics 

In diagnostic analysis, based on the historical data, the auditor will know what has happened in the future. It will also provide and insights on what were the causes of such events to happen and why it has happened.   

Predictive Analytics  

 They utilize the findings of both descriptive and diagnostic analytics to detect tendencies, clusters, and exceptions. They predict what is likely to happen in the future. 

Prescriptive Analytics 

To help businesses make better decisions through the analysis of raw data. Specifically, prescriptive analytics factors information about possible situations or scenarios, available resources, past performance, and current performance, and suggests a course of action or strategy. 

Now let’s understand with a small example on Data Analytics can be used to identify any potential frauds or revenue leakages, etc., In any organization, sales play a key role as it contributes to the top line and bottom line. It means there is always pressure on the sales team to meet their targets. To meet targets many times, special approvals are taken, and discounts are given. Giving additional discounts means decrease in the bottom line. The questions which will arise in the mind of the Internal Auditor are  

  1. For which customers it is given mostly? 
  1. Which salesperson is availing special approvals for additional discounts?  
  1. Is it happening in a particular quarter or end of the year? 
  1. Is it happening across the month or at the fag end of the month? 
  1. Are special discounts given on a particular product or all products? 
  1. Are there any customers who are buying only when there are special discounts? 
  1. Is there any nexus between the salesperson and the customers who are availing special discounts? 
  1. Are special discounts given before invoicing or post invoicing? 
  1. Is there any pattern of travel and special discounts? 
  1. Are the customers one-time customer or the same set of customers? 
  1. Is there any delay in realizations on such sales compared to the regular sales? 
  1. Are funds received from the same bank account for different customers? 

These would be some of the questions which the internal auditor will be having in his mind, and it will be tough to derive answers based using the traditional methods of Internal Auditing. The Internal Auditor has to adopt technology for this. Most of the organizations have ERP / inhouse billing software or accounting package. In such software’s there will not be any standard reports to answer the above questions. The only solution is to use data analytics. 

The sales process in ERP is normally termed as Order to Cash Flow (O2C), i.e., right from the collection of orders, packing slip, dispatch, invoicing, importing the same in Accounts Receivables, and accounting of collection of receipts form the customers. To prepare custom reports, the Internal Auditor should now the EntityRelationship (ER) between the various tables in the O2C flow should be known.   

A sample ER diagram for O2C flows of Oracle Financials is shared for identifying the relationship between various tables.   

Once the ER diagram is available with the Technical team member, he can understand the relation and write the queries and find answers which the Internal Auditor is having in his mind. 

Similarly, in the other areas, also Data Analytics can be used to detect fraud or potential frauds. Identifying the potential frauds will help the organization to red flag certain transactions or monitor some of the errant employees more effectively. 

Data analytics can be used in analysing the creditor’s outstanding payments. Data Analytics helps in the following 

Internal Audit of Accounts Receivables using Data Analytics 

  • Checking the duplicate credits given to customers  
  • Checking wrong credits into the customer’s account 
  • Checking the instrument series (Cheque/DD) differing from previous payments 
  • Checking the under receipt of payments from customers 
  • Checking wrong credit notes issued to customers  
  • Checking debtors aging analysis and its frequency Checking habitual default customers 
  • Checking the end to end profiling of the customers Checking the credit limit exceeding cases 
  • Checking the under-invoicing instances 
  • Checking the payment received one customer and credit given to another customer 
  • Checking the correctness of invoice matching with payment received 

Internal Audit of Accounts Payable using Data Analytics  

Data analytics can be used in analysing the creditor’s outstanding payments. Data Analytics helps in the following 

  • Checking duplicate payments, if any  
  • Checking unauthorized payments 
  • Checking the payments made for which material or services not received 
  • Checking the payments more than authorization levels 
  • Checking whether any credit notes eligible but not received  
  • Checking the trend or history of the creditors 
  • Checking the repeated purchases made from the same vendors 
  • Check the highest value or volume of purchases from single source  
  • Checking multiple invoices with the same date and same value 
  • Checking invoices issued on non-business days 
  • Checking the vendor experience, whether a new vendor or experienced 
  • Checking prices paid greater than the standard price 
  • Checking high-value emergency purchases frequently from the same vendor 
  • Checking the bid analysis and subsequent bid allotment Checking the payments made to dormant accounts 
  • Checking a significant amount of cash payments to the same parties 

Internal Audit of Inventory using Data Analytics 

  • Checking the repeated purchase of the same inventory items 
  • Checking the items with expiry date still in reflecting in the inventory with the full value 
  • Checking whether the items of inventory were procured based on the re-ordering levels or based on user indent 
  • Checking the velocity of the consumption of the items in the inventory 
  • Checking the linkage between Payment Voucher to Goods Receipt Note (GNR) to Purchase Order to Indent to ensure the entire cycle is authenticated 
  • Checking the items purchased at a different location but the same is available in different location of the same entity 
  • Checking the inventory located in third-party premises and ownership of the same 
  • Checking the inventory lying in the location for which GRN not made 

Internal Audit General Accounting and Compliance using Data Analytics 

  • To Identify and choose sample documents for Audit  
  • To check the compliances done or otherwise 
  • To check the maximum number of accounting entries passed by one single user 
  • To check the high-value transactions or journal entries passed 
  • To check the anonymous users and any abnormality or unintended entries in the books of account 
  • Whether the right percentage of tax deductions with amount is made or not 

The abovelisted points are indicative and may vary from organization to organization or Internal Auditor to Internal Auditor etc.,  

Running these queries are mostly resourceintensive and will consume of server memory and choke the application. Keeping in view of this, it is recommended to run the scripts at the end of the day or during the lean load on the servers. If they are required to run at regular intervals, they can be scheduled through a scheduler at the desired time. It is also recommended to execute the scripts/queries multiple times until the desired output is achieved by modifying the scripts. 

There is also a new challenge which is coming up nowadays; some of the organizations are moving away from onpremises to cloud as it is costeffective and also no challenges of maintenance of the servers.  

If the Internal Audit is to be made successful, the team should work together, and at the same time, the constitution of the team has to be taken care of accordingly. Using data analytics will ease the job of the Internal Auditor, and at the same time, it will be challenging as it is new, and he/she may face resistance from his team members, clients team, or the management. To make this process successful, the role of the communication expert is very vital as he can manage the change management process and ensure effective implementation or adoption of Data Analytics in the Internal Audit. In a pandemiclike situation, the new normal is working from home, and the adoption of Data Analytics will ensure the completion of the job on time and more efficiently.   


Any views or opinions represented above are personal and belong solely to the author and do not represent those of people, institutions, or organizations that the author may or may not be associated with in professional or personal capacity unless explicitly stated. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual 

Read More :