|Unsupervised anomaly detection for internal auditing: Literature review and research agenda|
Jakob Nonnenmacher and Jorge Marx Gómez
Published January 2021
Auditing has to adapt to the growing amounts of data caused by digital transformation. One approach to address this and to test the full audit data population is to apply rules to the data. A disadvantage of this is that rules most likely only find errors, mistakes or deviations which were already anticipated by the auditor. Unsupervised anomaly detection can go beyond those capabilities and detect novel process deviations or new fraud attempts. We conducted a systematic review of existing studies which apply unsupervised anomaly detection in an auditing context. The results reveal that most of the studies develop an approach for only one specific dataset and do not address the integration into the audit process or how the results should be best presented to the auditor. We therefore develop a research agenda addressing both the generalizability of unsupervised anomaly detection in auditing and the preparation of results for auditors.
|How internal audit can champion continuous monitoring in a business operation via visual reporting and overcome barriers to success |
Stacie Tronto and Brenda L. Killingsworth
Published March 2021
Many auditing professionals would contend that continuous monitoring is a function of management and not internal audit. However, effective continuous auditing is highly dependent upon a strong continuous monitoring system. Further, by integrating technology of these two systems, continuous assurance can be achieved, and audit efficiency and effectiveness can be improved through the reduction of costs and effort. This paper discusses how internal audit can collaborate with a business operation to develop a continuous monitoring application utilizing visual reporting and overcome the potential barriers to success. The specific business operation selected for modification was the procurement card program at a large public university. Following an introduction of the scenario, an overview of the ProCard™ program is provided, highlighting the program risks and controls. Third, a four-phased approach used to develop the continuous monitoring tool is described, including specific steps taken to ensure effective use of the real-time data by auditors. Fourth, challenges the internal function encountered when implementing the system are described, including how those challenges were addressed. Fifth, the paper provides concluding comments and future initiatives planned. Finally, the paper provides additional examples for continuous auditing and monitoring and suggests future research topics in this area.