The pandemic presents challenging times for many corporate compliance and internal audit functions. Despite a new way of working, the mandate for compliance and internal audit professionals remains the same: identify and manage risks to the business. To do so, companies must continue strengthening their compliance programs, updating their risk assessments, adjusting audit plans and priorities, and tailoring internal controls.
For most companies, these internal challenges are mounting as resources are streamlined and other external factors arise. Nevertheless, the compliance and internal audit functions must provide assurances to senior management and boards of directors that they have taken steps to mitigate significant risks.
Compliance and internal audit teams must determine how to conduct effective compliance and internal audit testing procedures in this new world. The right solution will vary depending on the company’s risk profile, results of risk assessments, and other variables such as the nature of the business and industry. However, the use of data analytics, which continues to be an efficient tool for compliance and internal audit professionals, has proven to be effective in ensuring necessary steps are being taken to mitigate fraud and abuse.
Data analytics and the risk-based approach
Data analytics let companies employ a risk-based approach and prioritize efforts where issues might arise. Organizations relying on random sampling when testing internal controls or conducting substantive testing over high-risk transactions rarely have material findings or meaningful audit procedure results; it’s a needle in the haystack approach.
Well before COVID-19, data analytics was delivering value in compliance efforts. A good example is its use in identifying college admissions fraud. So, it’s no surprise regulators increasingly turn to it in investigations.