Transforming Internal Audit: Unleashing the Power of Data Analytics in Banking and the Public Sector

Data analytics for internal audit: tools, tips, and best practices in banking and public sector

Introduction to Data Analytics in Internal Audit

In the rapidly evolving landscape of banking and the public sector, internal audit functions face unprecedented challenges. Traditional methods of auditing are no longer sufficient to address the complexities and risks associated with these sectors. However, there is a beacon of hope — the transformative power of data analytics. In this blog post, I will share my personal experience in embedding data analytics to internal audit function in banking and the public sector. I aim to inspire and equip fellow auditors with tools, tips, and best practices that can revolutionise their approach and drive meaningful change.

Picture this: A team of auditors, armed with spreadsheets and manual processes, struggling to keep pace with the ever-increasing volumes of data flooding their organisation. That was the predicament my team and I faced not so long ago. Recognising the urgency to adapt and embrace the digital revolution, we embarked on a transformative journey.

We sought out cutting-edge data analytics tools and technologies that could harness the power of data to enhance our audit processes. Through trial and error, we discovered tools such as interactive dashboards, machine learning algorithms, and text mining techniques. These innovative solutions empowered us to unlock hidden insights, identify patterns, and detect anomalies within vast data sets. The ability to analyse data quickly and accurately became our superpower.

Embarking on a data analytics journey is not without its hurdles. As auditors, we faced resistance and skepticism from traditionalists who believed in the status quo. The fear of change and lack of knowledge about data analytics hindered progress. However, we remained transparent about our struggles and dedicated ourselves to helping others navigate this transformative path.

Data analytics has revolutionised the world of auditing by enabling auditors to analyse large amounts of data and draw insights that may have been otherwise difficult to uncover. Data analytics is the process of using statistical and computational techniques to analyse data and identify patterns, anomalies, and trends. In the context of internal audits, data analytics helps auditors identify potential risks and areas for improvement, detect fraud and other irregularities, and provide insights for better decision-making.

Both the banking industry and the public sector now place a greater emphasis on data analytics. Data analytics are utilised in the banking sector to enhance risk management, compliance, and daily operations. In addition, data analytics are used in the public sector to increase accountability, efficacy, and openness.

Benefits of Data Analytics in Internal Audit

There are six main benefits of using data analytics in internal audits:

1. Improved risk assessment: Data analytics helps auditors identify and assess risks by analysing large amounts of data from various sources. For example, by analysing bank transaction data, auditors can identify patterns that may indicate fraudulent activities.
2. Enhanced efficiency: Data analytics allows auditors to analyse data faster and more efficiently than manual methods. For example, using data analytics tools such as ACL, auditors can quickly analyse large datasets to identify anomalies and trends.
3. Improved fraud detection: Data analytics tools can help auditors detect fraudulent activities by analysing data for anomalies and patterns. For example, public sector internal auditors can use Benford’s Law to analyse financial data and identify irregularities.
4. Improved compliance: Data analytics can help auditors ensure compliance with regulatory requirements by analysing data for potential violations. For example, Banks use data analytics tools to monitor compliance with regulatory requirements, such as anti-money laundering (AML) and know-your-customer (KYC) regulations. This includes analysing customer, transaction, and other relevant data to ensure that banks comply with regulatory requirements.
5. Better decision-making: Data analytics provides auditors with insights that can inform better decision-making. For example, by analysing customer data, auditors can identify areas where the bank can improve its services to meet customer needs better.
6. Enhanced audit quality: By using data analytics, auditors can provide a more comprehensive audit that covers a wider range of data and transactions, resulting in better audit quality. For example, an internal audit team could use data analytics to identify data entry errors or inconsistencies in financial data, which would help ensure the data is accurate and complete.

Importance of Data Quality, Data Governance, and Data Management

The audit’s success depends heavily on the quality of data in data analytics. Inaccurate or partial results from low-quality data might damage the audit’s credibility. In addition, auditors must adhere to best practices for data governance and management, such as creating precise data definitions, guaranteeing data accuracy and completeness, and putting appropriate data security measures in place to ensure data quality.

Data Analytics Tools and Techniques

Data analytics tools and techniques are critical for successfully implementing data analytics in internal audits. And different ones are used in internal audits in the banking and public sectors.

Explanation of Different Data Analytics Tools

Data analytics tools can be broadly classified into three categories: data preparation, analysis, and visualisation.

- Data preparation tools

They are used to collect and organise data from various sources. They can help internal auditors automate the data collection process and ensure that data is in a format that can be easily analysed. Some popular data preparation tools include Alteryx, Informatica, and Talend.

For example, a public sector internal audit team is on a payroll investigation from the internal revenue service for potential payroll tax violations. The auditors would use Alteryx to collect all relevant payroll records, overtime records, timecards, contracts, and other documents from different admin, payroll and accounting systems, reducing the time and effort required for manual data entry and analysis.

- Data analysis tools

They perform complex data analyses and extract valuable insights from data. They help internal auditors uncover patterns, trends, and anomalies in data that may not be apparent through manual analysis. Some popular data analysis tools/languages include SAS, R, SQL and Python.

For example, SQL can be used by entities such as government agencies and banks to construct a risk evaluation model for detecting instances of financial fraud, identity theft, cyber fraud, and employee fraud. The model is developed by analysing potential fraudulent behaviours and determining the degree of risk involved, allowing for proactive measures to be taken to prevent such risks. This leads to creating a plan to mitigate or eliminate the dangers of fraudulent activity effectively.

- Data visualisation tools

They are used to represent data in a visual format that is easy to understand. They can help internal auditors connect to a wide range of data sources, including spreadsheets, databases, and cloud services, and create interactive dashboards and reports. With these tools, internal auditors can quickly identify trends and patterns, gain deeper insights into the data and communicate insights effectively to stakeholders. Some popular data visualisation tools include Power BI, Tableau, and QlikView.

For example, a bank’s internal audit team may use PowerBI to analyse loan data to identify trends in the types of loans being issued, the credit scores of borrowers, and the repayment rates of loans. They may create interactive dashboards to compare loan data across different branches or regions and identify areas where loan policies need to be revised.

- Text mining tools

Text mining tools such as IBM Watson and RapidMiner allow auditors to analyse unstructured data, such as emails, social media posts, and customer feedback, to extract valuable insights. These tools use natural language processing (NLP) algorithms to extract valuable insights from text data.

For example, a government agency may use IBM Watson to analyse social media posts to identify trends in public sentiment towards a particular policy or issue. They may create sentiment analysis reports to track changes in public opinion over time and adjust policies or communications accordingly. A public sector audit team can also use text mining tools to analyse employee feedback to identify compliance or ethical issues within the organisation.

- Machine learning tools

These are cloud-based platforms such as AWS/Amazon Sagemaker, Databricks, Dataiku, Datarobot, using languages like Python and R. The tools offer a range of pre-built machine learning models and algorithms that can be easily customised and integrated with internal audit processes.

For instance, a bank’s internal audit team might use AWS to build a machine-learning model to identify fraudulent transactions. They might utilise previous transaction data to train the model and then use it to flag suspicious transactions in real-time, lowering the chance of monetary loss.

- Predictive analytics tools

Predictive analytics tools such as SAS and SPSS use statistical algorithms to make predictions about future events or trends and outcomes based on historical data.

For instance, the internal audit team of a bank might utilise SAS to develop a predictive model to foretell loan defaults. In order to construct a prediction model that can identify clients at high risk of delinquency, they may study past loan data to find similarities in loan defaults.

How data analytics tools can aid in detecting fraud and identifying potential risks in both the banking industry and the public sector.

Data analytics technologies are being utilised more and more in the banking sector to identify fraudulent transactions like money laundering, identity theft, and other financial crimes. Additionally, they can spot transactions that go above predetermined limits or deviate from typical patterns, which may point to possible dangers.

• Predictive analytics can identify customers at risk of defaulting on loans or detect early warning signs of credit card fraud.
• Social media monitoring tools can help banks monitor social media channels for mentions of their brand or products.
• Text mining tools can help banks analyse large volumes of unstructured data, such as emails, chat logs, and other text-based communications. These tools can help auditors identify potential risks by analysing language patterns and sentiment analysis.

In the public sector, data analytics tools can also be used to detect fraudulent claims and potential instances of waste, fraud, and abuse:

• in the healthcare sector, these tools can identify providers billing for services not provided.
• in the public justice sector, these tools can be used to monitor compliance with procurement regulations and to identify potential conflicts of interest.
• in the public transportation sector, these tools can identify potential safety risks by analysing accident data.

Data analytics techniques can be effective tools for detecting fraud and identifying potential problems in the banking industry and the public sector. It is crucial to remember that these tools shouldn’t take the role of expert judgement and human judgement; rather, they should be utilised in addition to conventional audit procedures.

Data Analytics in Internal Audit Process

Data analytics can be used in various stages of the audit process, including planning, execution, and reporting.

1. Data analytics in audit planning:

Data analytics can help in planning an audit by providing an understanding of the data that is relevant to the audit objective. For example, for issuing permits for building construction by a government agency. Data analytics tools can help auditors look for patterns in the data that suggest fraud or abuse, such as permit applications that contain incomplete or inaccurate information or applications that were approved despite being located in an area with known environmental risks or other hazards. The auditor can then focus their resources on areas of highest risk and prioritise their audit planning accordingly.

2. Data Analytics in Audit Execution

Data analytics can be used during the audit execution phase to identify potential issues that require further examination. For example, in a banking industry audit, data analytics can be used to test compliance with regulatory requirements, such as the Bank Secrecy Act or Anti-Money Laundering regulations. In addition, the algorithms can be developed to identify suspicious activity and ensure that appropriate reporting requirements have been met.

3. Data Analytics in Audit Reporting and Decision Making

Data analytics can also be used during audit reporting and decision-making. For example,

• A government agency may use data analytics to analyse data on citizen behaviour, such as social media activity, to identify trends or patterns that can inform policy decisions. This could include analysing social media data to determine public sentiment on a particular issue, which could help inform policy or resource allocation decisions.
• In a banking industry audit, data analytics can be used to identify potential risks or control weaknesses. This information can then be used to make recommendations to management to mitigate these risks or improve controls.

Potential Challenges and Limitations of Data Analytics in Internal Audit

Potential Challenges and Limitations

Several potential challenges and limitations are associated with using data analytics in internal audits.

One of the most significant challenges is data quality. If the data used in the analytics is of poor quality, the results will be unreliable. Data quality issues can arise in the public sector when data is not standardised or when different data sources have conflicting data. For example, data quality issues can impact tax revenue projections or budget forecasting.

Another challenge is the availability of data. In some cases, the required data may not be available or may be difficult to obtain. For example, in the banking industry, data quality issues can arise when data is not collected consistently across different systems and processes or when data is incomplete or inaccurate. For example, inaccurate or incomplete data on customer transactions can result in incorrect risk assessments, leading to potential regulatory issues.

Data privacy is a major concern when it comes to data analytics in internal audits. This is particularly relevant for the banking industry, where personal financial information is sensitive and must be kept secure. In addition, public sector organisations also collect and store personal information, such as social security numbers and tax records, which must be kept confidential. In addition, data analytics in internal audits must comply with relevant privacy regulations, such as GDPR or HIPAA in Europe and in the US.

Strategies for Addressing Challenges and Limitations

Internal auditors can put a number of strategies into practice to solve the difficulties and constraints associated with employing data analytics in internal audits. To guarantee that the data utilised in the analytics is of good quality, building a data governance system is crucial. Second, internal auditors might collaborate with other departments within the organisation to guarantee the necessary information is accessible. Thirdly, internal auditors can put data security and privacy procedures in place to safeguard sensitive data.

Best Practices of Data Analytics in Internal Audit

Overview of Best Practices

To incorporate data analytics into internal audits effectively, it is essential to establish clear objectives, leverage technology, and ensure data accuracy. In addition, internal auditors should also develop a comprehensive data analytics governance framework to ensure that data analytics are used effectively and efficiently.

Data Analytics Governance and Oversight

One of the key best practices for implementing data analytics in internal audit is establishing governance and oversight processes to ensure that the analytics tools and techniques used are effective, efficient, and consistent. These objectives should align with the organisation’s overall goals and help drive the audit process. Clear objectives also help to ensure that the appropriate data is analysed and the results obtained are actionable. This includes establishing a data analytics strategy, creating policies and procedures that outline the purpose, scope, and methodology of the data analytics program, as well as defining roles and responsibilities for those involved in the program.

For example, let’s consider a government agency that has implemented a data analytics program in its internal audit function. The agency’s data analytics governance and oversight process includes the following:

• A data analytics steering committee composed of senior executives and business leaders to provide guidance and oversight for the program.
• Clear policies and procedures for the use of data analytics in internal audits, including data privacy and security considerations.
• Designated data analytics champions within the internal audit function to lead the development and implementation of analytics projects.
• A process for selecting and evaluating data analytics tools and techniques, including vendor evaluations and pilot projects, to assess effectiveness and efficiency.

Data Privacy and Security Considerations

Data privacy and security are critical considerations when implementing data analytics in internal audits. Auditors must ensure that they are accessing and analysing only the data necessary for the audit, including implementing measures to protect sensitive data, such as encryption and access controls.

For example, the retail bank has established the following data privacy and security considerations for its data analytics program:

• A data governance framework that outlines the policies and procedures for data privacy and security in the organisation.
• Data access controls that restrict access to sensitive data only to authorised personnel.
• Data encryption and secure transmission methods protect data in transit and at rest.
• Regular training for auditors and data analytics personnel on data privacy and security policies and procedures.

Conclusion and Future Outlook

Some banks have established dedicated data analytics teams to support the internal audit function. These teams are responsible for developing analytics capabilities and providing support to internal auditors. Other banks have implemented automated monitoring systems to detect potential fraud or other risks in real-time. The government agency’s internal revenue service department has implemented data analytics to detect potential fraud in tax returns by analysing large amounts of data.

As organisations continue to face increasing pressure to optimise their operations, the role of internal audit is becoming more crucial than ever before. Data analytics has emerged as a powerful tool for internal auditors to provide deeper insights into the performance and risks of an organisation. By leveraging the power of data analytics, internal auditors can provide more insightful and impactful recommendations that help organisations achieve their objectives and mitigate risks. Therefore, it is essential for internal auditors to embrace data analytics and continue to improve their skills and knowledge in this area to stay relevant and effective in their roles.

Looking ahead, the future of internal audit will continue to be heavily influenced by technology, and data analytics will remain a key component of the audit process. As artificial intelligence and automation become increasingly prevalent, internal auditors will need to adapt to new ways of working and embrace new technologies to remain effective.

If you found this article helpful, I’d appreciate it if you could show some love with a few claps at the bottom of the page. Don’t hesitate to leave your insights or feedback in the comments, and feel free to pass this along to your friends and follow me on Medium.

Some other articles from Jing Chen

• Customer Churn Prediction — A Step by Step Tutorial of Building XG Boost ML Model Part 1 — Exploratory Data Analysis (EDA)
• Time Series Forecasting — 6 steps to build a Stock Price Prediction LSTM Model: Give it a Try and See What You Can Get for the Next Day’s Stock Price
• Beyond the Spreadsheet toward Analytics Role Upskilling: A cheat sheet for people scared coding
• Mastering Financial Modelling 101: From Common Techniques to the Data Analytics Revolution
• The Power of AI for Data Analytics: A Comprehensive Exploration
• Empowering Decision Making in Banking and Public Sector: The Role of Financial Modelling and Reporting Tools
• Building a Risk Management Model: A Journey of Transparency and Resilience

Want to connect ?

• Follow me on Medium
• Connect me on LinkedIn