Audit Analytics for End User Computing

Print Version

Internal audit teams are critical in providing business assurance through their cross-departmental view of operational risk. Their mix of business and IT skills enables them to evaluate the effectiveness of internal controls. Traditionally, however, departmental audits are cyclical, with potentially long gaps between audits. These gaps create risk: what losses due to errors or inefficiencies could accumulate over time and what damage might a fraudster do?

Nowhere are these problems more acute than in the audit and control of end user computing (EUC) applications – principally spreadsheets and MS Access® databases. These applications can easily be corrupted within one day of a clean audit, leaving problems to accumulate, unseen, for many months.

One of the obstacles to more frequent oversight of EUC processes is the availability of resources. There aren’t enough audit staff and there isn’t enough money to hire more. Another obstacle is the sheer volume of EUC activity. It is difficult to scrutinize all this data and distinguish potential anomalies from normal business activity. Finally, where internal audit has the ability to identify control breaches or indicators of risk, how can this be objectively communicated to management?

To overcome these obstacles, both audit and business process owners can embrace EUC audit analytics technologies to evaluate and monitor the effectiveness of existing internal controls. When audit analytics are automated and run on a continual basis, they form the core of a continuous auditing or continuous monitoring system. Automation also acts as a productivity multiplier for internal audit by eliminating time-intensive manual testing, freeing up time to chase down highlighted risks.

Through static eDiscovery and dynamic analytics ClusterSeven automates the analysis of key EUC-supported processes for rapid detection of control vulnerabilities. This is key to safeguarding the business from risk and improving overall business performance.

Three examples of dynamic analysis are provided by the automated maps below. These show the data flows from central applications through spreadsheets to their final consumers. Each one has been colored to expose control vulnerabilities.

These examples represent just one dimension of the power of ClusterSeven audit analytics. We would be pleased to show you more.

Print Version