Your internal audit function plays an important role in achieving the balance between cost and value, while making meaningful contributions to the organization’s overall governance, risk management, and internal controls.
Our advanced analytics takes this a step further. The table to the right sets out how our three key analytics will help you transform your internal audit to lead your organization’s overall risk management efforts. Our financial analytics look at every transaction reported in your general ledger, does a risk assessment and pinpoints where to focus your efforts. Using our analytics, results in:
- identifying enterprise-wide cost efficiencies
- providing strategic insights that improve business performance
- providing key insights that focus on the risks that matter
- detecting financial anomalies
|Transformational Activity||Financial Analytics||Governance Analytics||People Analytics|
|Align all activities with the organization’s key business objectives||YES||YES||YES|
|Improve audit efficiency and effectiveness, and streamline processes to drive cost savings||YES||YES||YES|
|Offer broader risk coverage and be proactive about current and emerging risks||YES||YES|
|Enable cost efficiencies across all business units||YES||YES|
|Identify and employ the right internal and external skills||YES|
|Create competitive advantage by contributing to sustainable business improvements||YES|
Corporate scandals and frauds, privacy invasions, compromised ethics, system hacks and governance lapses
Things are likely to get even more chaotic with the increasing complexity of regulations, technology, mergers, acquisitions, and globalization. These phenomena create new demands, challenges, and opportunities. Each one also points to the necessity for competent internal auditing. An internal audit function assists management with its risk assessment process and ensures that the responsibility for maintaining a system of internal controls is in place.
Today, more than ever, internal auditing is critical to strong corporate governance, risk management, effective internal control, and efficient operations.
The first step in an internal audit is your books. An internal audit function need not be a significant investment. You do not need to hire an entire department. You can outsource or co-source the function. A very efficient option begins with a preliminary risk assessment and then a prioritization of the areas of need. Our financial risk assessment service pinpoints the financial transactions that need further investigation.
We find the anomalies using the MindBridge platform. It significantly cuts the efforts and cost of an internal audit team.
Using this tool, management has a built-in safety net and these partners:
- risk manager
- controls expert
- efficiency specialist
What will the Board and management gain from internal auditing using our services?
Our financial analytics provides you with the ability to offer assurance that you reviewed 100% of GL transaction. It also saves you time on the financial part of your internal audit function.
We believe that internal audit is most effective when it 'reports' administratively to management and functionally to the Audit Committee. Our tool offers the following benefits:
- expanding the scope of the internal audit
- providing more information to improve the 'control environment'
- moving the organization to be more process-dependent instead of person-dependent
- identifying redundancies and gaps in financial control procedures
- improving efficiency and effectiveness
- establishing an early warning system to detect anomalies and remediate them on a timely basis (i.e. before external, regulatory or compliance audits)
- increasing accountability within the organization
- encouraging an anti-fraud culture
Schedule a demo
Download our paper about Demystifying AI
Posts — Internal Audit Team
Kingston Smith UK Chartered Accountancy adds MindBridge AI Auditor technology to its data analytics suite
Thomson Reuters Tax & Accounting Reaches Agreement with MindBridge Analytics Inc. to Deliver Data Analytics Capabilities as Part of Audit Suite
FAQ — Internal Audit Team
MindBridge is bridging the gap between human and artificial intelligence by enhancing professional judgment across multiple industries. Recent advancements in artificial intelligence have enabled a new class of converged analytics to analyze financial transaction flows and better detect anomalies - unintentional mistakes/errors and intentional. Using algorithms based upon smart data science, MindBridge generates actionable insights through an interactive, user-friendly visual interface to help organizations minimize risk exposure to a financial loss while supporting audit professionals to meet and exceed regulatory and industry standards. Using the MindBridge Ai-Auditor is enhancing professional judgment as far less time is spent searching for anomalies and more time determining the underlying causes of the anomalies.
The MindBridge application has been tested by industry leading professionals and is proven to detect anomalous human activities and transactions that current incumbent systems cannot.
Year Founded: 2015
MindBridge Ai Auditor is a revolutionary approach to analyze financial transactions to detect anomalies - unintentional and intentional - by automating manual processes and providing a risk-based assessment to help organizations ensure compliance and minimize their exposure to financial loss and liability.
MindBridge AI Auditor - Enhancing Profesional Judgement
The MindBridge AI Auditor is bridging the gap between human and artificial intelligence (AI) by enhancing professional judgment across multiple industries. Recent advancements in artificial intelligence have enabled a new class of converged analytics to analyze financial transaction flows and better detect anomalies - unintentional mistakes/errors and intentional.
Using algorithms based on data science, MindBridge generates actionable insights through an interactive, user-friendly visual interface to help organizations minimize risk exposure to the financial loss while supporting audit professionals to meet and exceed regulatory and industry standards. The MindBridge application has been tested by industry leading professionals and is proven to detect unusual human activities and transactions that incumbent systems cannot.
Financial Transactions Analysis, Evolved
The tools currently used to analyze financial transactions are not keeping pace with the needs of today’s auditor and investigator professionals. Existing computer assisted audit tools are often time-consuming to use and do not provide the insights and analytics required to help effectively advise auditors or develop a comprehensive financial analysis. MindBridge offers intelligent audit technology to help increase the speed and accuracy of every audit and investigation.
Comprehensive analysis for accurate audits
Current audit and investigative techniques are limited by time and tools, restricting the financial analysis to random sampling and data filtering. What if you could review every financial transaction in the general ledger from every entry across every department?
With MindBridge there is no data set too large, meaning the system is capable of reviewing 100% of the data provided and calculating a risk score for every process or person that interacts with corporate data. This is how you can find more instances of financial misstatements suspicious financial discrepancies.
Intelligent anomaly detection to help you:
- Uncover more misstatements & potential fraud by reviewing 100% of corporate data
- Know where to look due to intelligent risk-scores
- Smarter control points that combine best practices and data science
- An intelligent system leveraging machine learning that adapts to your needs
Take financial audit efficiency to the next level
Automation is key to maximizing the efficiency of each financial audit or review your organization performs. By removing manual processes, it is possible to streamline time-consuming activities, which frees up team members to use their expertise more effectively.
MindBridge’s Ai Auditor helps you be more efficient by offering:
- Smart data ingestion of your financial records saves you time importing and shaping data files
- Automated risk-scoring is based on a blend of control points and anomaly detection algorithms to help guide you to entries that appear suspicious
- Automated insights recommend similar items to look at and which steps to take next
An unbiased analysis of each transaction history based on numerous control points and data science algorithms.
For maximum impact, the system is intuitive requiring little to no training meaning it can be used by anyone for the most basic of investigations, audits and all the way up to a forensic investigation.
A visual summary of all transaction data and risk scores so that each auditor and investigator can determine where to focus instead of using sampling techniques alone.
Better Meet Audit Standards
- Leveraging Artificial Intelligence to meet and exceed standards including:
- SAS 99 Fraud in a Financial Statement Audit
- IAS 240 / CAS 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
- Know where to look due to intelligent risk-scores
Automatically assigns a risk score to all transactions to focus audit, 100% coverage of all transactions.
Intacct Web Services, modern web-browser (Chrome or Firefox are preferable)
Price: contact: email@example.com
One of the perhaps the most obvious and yet still most consistently recurring municipal corruption related problems for local governments is conflicts of interest, possibly due to the many and varied circumstances in which such conflicts may arise. The prevalence of this type of corruption is demonstrated by the amount of legal authority and case-law available on the topic.
- the offering, giving, receiving, or soliciting of any item of value to influence the actions of an official or other person in charge of a public or legal duty
- taking money to give people preferential treatment. identified areas of concern include bribes from developers in permitting process, payback for zoning decisions, equipment contracts, or service contracts, bribery of building inspectors to obtain permits, bribery of elected officials for development variances and approvals, bribery of planning staff to obtain recommendations for development approvals
- may take the form of inappropriate gifts/sponsorship such as hockey tickets and other gifts for politicians and/or staff
- cronyism may include awarding contracts to people affiliated with the municipality or corrupt official, patronage appointments based on connections rather than qualifications, awarding contracts at inflated prices
- nepotism may include such issues as favoring family members in municipal hirings, zoning regulation changes based on friendships among colleagues rather than disinterested analysis
- misappropriation of money or resources under a local government official or employee’s control
- making false claims for benefits in order to abuse systems such as social security
- occurs when a public official forces someone to give them benefits in exchange for acting/ not acting in a particular way, or when an external actor does the same to a public official
Conflicts of Interest
- a personal interest in a matter that goes beyond the interests of other members of the community, and might reasonably be expected to influence the elected official’s performance of his or her duties e.g., close links between developers and city staff, campaign contributions from developers, conflict in contract awards, personal interest in administrative decisions
Breach of Duty
- local government officials and employees ignoring applicable municipal legislation, e.g. sale of municipal assets for less than market value
Misuse of Authority
- lack of transparency/democratic concerns such as inappropriate use of in-camera meetings, non-public altering of official records, dishonesty concerning legislative options
- fraudulent use of expense accounts such as reimbursing inappropriate expenses, double expensing – influence on independent third party bodies, such as boards, which are intended to be at arm’s length
- including organized crime, internal theft/fraud, petty theft/fraud
source: Municipal “Best Practices”: Preventing Fraud, Bribery and Corruption – Elizabeth Anderson
Soon, you'll log in to your accounts, and you will notice a blue bar towards the right of the screen. At present, the cupboard is bare, but the full in-app documentation will be rolled out in the coming weeks. You'll be able to use this feature to get easy access to all things related to the MindBridge Ai-Auditor! It'll even be available right at your fingertips via your mobile device!
Throughout the course of the next few weeks
You're probably wondering, "what is this thing?", or "finally!" or, "I love it!". But, after months of talking to our customers, we are happy to announce that we will soon be offering an in-app support feature that'll get you all the help you need in order to effectively and efficiently use the MindBridge Ai-Auditor.
Going forward, when you log into your account, you will always notice this little blue bar towards the right of the screen. At present, the cupboard is bare, but the full in-app documentation will be rolled out in the coming weeks. No firm date yet, but by golly it'll be spectacular!
Soon you'll be able to use this feature to get easy access to all things related to the MindBridge Ai-Auditor! It'll even be available right at your fingertips via your mobile device!
With in-app support you will be able to:
- Have access to in-app chat from Monday to Friday between 9 AM and 5 PM (EST).
- Get uninterrupted navigation of your MindBridge Ai-Auditor account.
- Seek explanation of the key features of your account.
- Get instant access to information you need about any aspect of your account.
- Book a call with a MindBridge support team member at any time.
- Read detailed descriptions for all releases (constantly updated).
- Quickly see the status of our servers.
- Get email support for off-hours.
Throughout the course of the next few weeks, you will receive additional emails informing you more about in-app documentation, and other support initiatives.
It’s important to note that an unusual transaction depends on the context. An unusual transaction for one company might be completely normal for another company. The internal audit team has a better sense of what’s normal in an organization.
In our fraud case, study the CFO reversed Cost of Goods sold. It was flagged as highly unusual.
Machine learning is often used to spot “red flag” patterns in structured data (data with a predictable structure, like spreadsheets, databases, and financial data formats). Examples an unusual transaction include identifying suspicious insurance claims, unusual banking transactions, and credit card activity.
Machine learning is also useful in network relationship analysis. In this application, machine learning explores the connections between people and entities. Often complex, relationship networks are quickly quantified with an unsupervised learning approach called “clustering” allowing the examiner to efficiently find key relationships and the web of communications and influence. The source of such data is often corporate email, but may also include phone records and social media.
Machine learning is the subfield of computer science.
computers have the ability to learn without being explicitly programmed
It evolved from the study of pattern recognition and computational learning theory in artificial intelligence. Data scientists construct algorithms that learn from the data and adapt over time.
The focus is statistical learning. Machine Learning deals with predictions and not causality. It is effective at developing more complex relationships than humans can process. It performs well in nonlinear and interactions settings.
Examples of Machine Learning Application
- Assessing financial transactions - Advanced detection of anomalies through flow analysis of transitions. The MindBridge Ai Auditor uses machine learning to detect anomalies.
- Outage grid management – Predict storm damage and direct workflow and assets, thereby minimizing outages and operational costs
- Wire-Down Management – Identify key drivers in wire-down events and direct preventive measures
- Self-driving cars
- Classifying DNA sequences
Other applications for machine learning
- Adaptive websites
- Affective computing
- Brain-machine interfaces
- Classifying DNA sequences
- Computational anatomy
- Computer vision, including object recognition
- Detecting credit card fraud
- Detection of network intruders or malicious insiders working towards a data breach
- Email filtering
- Game playing
- Information retrieval
- Internet fraud detection
- Marketing machine learning control
- Machine perception
- Medical diagnosis
- Natural language processing and understanding
- Optimization and metaheuristic
- Online advertising
- Recommender systems
- Robot locomotion
- Search engines
- Sentiment analysis (or opinion mining)
- Sequence mining
- Software engineering
- Speech and handwriting recognition
- Financial market analysis
- Structural health monitoring
- Syntactic pattern recognition
- User behavior analytics
The MindBridge data scientist team consulted extensively with auditors to determined the default control points values. Remember, marking them all as 100% is like you saying everything is important to you. Not really conducive to finding what you don’t like. These values provided a reasonable risk profile.
We recommend that you start out with the values at default. Over time adjust your weighting to focus on a specific risk area.
Depending on the rule-based and Machine Learning-based risk scores for every transaction will be assigned an aggregated risk score and grouped into low, medium, and high-risk strata(i.e., buckets), which allows for easy prioritization and further review from the audit team.
Rule-based control points
For rule-based control points, the control point indicators should be customized to consider client-specific risk areas. For example:
- Weekend entries might be normal business practices for one company and irrelevant to them, but highly suspicious for another.
- Material Value may be set to something other than 0 because most organizations do not care about 0.00$ transactions. They consider that “normal”. That’s not to say that every company is the same, but if it’s important to include it audit for a client, then enabling it to be >5% (with a value of whatever you wish, e.g., $100) would say that anything that has a value > $100, start giving it a higher Risk Score because that’s important for our analysis.
The reversal control point flags transactions which are reversals of a previous transaction in the ledger.
The reversed control point flags transactions which are reversed by a subsequent transaction in the ledger.
The algorithm kind of finds both at once and then pairs them together. The earlier one is “reversed” and the later one is “reversal”.
Here’s an example
Basically a normal buyer/seller relationship is
- I sell you something
- You give me money
- I give you what you paid for
- You’re happy
What Manager 1 was doing, is that he was pretending to be the Buyer
- He would sell himself goods
- Take the money
- Shortly after, he’d ‘return’ the item into Inventory, but never actually took the money back. This is known as “Reversed“.
- He went back into the books and adjusted the original transaction. This is known as “Reversal“.
Reversal happens when they go back and adjust the original ‘purchase’ (i.e., previous). Reversed is “oh darn, they returned their goods. we gave them back their 100$” (how a typical return happens. The Manager in this case just wasn’t returning the $)
This is a common type of fraud where someone would say, “look how much money we’re making! We sold so much!” then they would reverse the transaction and say, “oh darn, they returned all their stuff… 🙁 but thanks for all the money you paid us for our stock!!”
Machine learning compares the data set by looking at Row 1 and its columns vs Row 2 and its column data. Then, Row 3, etc. The MindBridge Ai-Auditor ingests 100% of the file. It then analyzes 100% of the file with 100% of the rest of the file. This is hard to explain as this is the background of how the MindBridge Ai-Auditor works, but it takes data from the GL and breaks them down into ‘nodes’ where the machine learning occurs.
We use this approach in all of our financial risk assessment services and examine every transaction.
Data Set — An Example
The example follows a simple use-case: CITY POPULATION. Imagine every dot represents 1 person in a city.
Those circled by Green show that it’s within normality. In that, the large part of the population lives near to one another. There isn’t anything odd about where they live. That’s not to say that once you dive in you won’t find anything (there might be cases of crime, theft, etc), but from a high-level, it looks normal.
Then, Orange is starting to show that the distribution of people is starting to scatter. This is odd. Why is that? Why are they living slightly further away from the general population?
Now, those in Red are real outliers. Why are they so far from not only the general population but also from one another? What is the story behind these dots?
This is what you would consider a High-Risk %, and would need further analysis.
Think of MindBridge Ai-Auditor like that when it breaks the file down. Think of machine learning as everything a human cannot do. There is absolutely no way a human would be able to ingest 100% of the file for 100,000 Journal Entries. More so, a person would not be able to properly map out every single entry into a format that makes sense.
Due to the unique and creative ways employees “game” the system with purchasing cards and expense reimbursements, machine learning is also useful in identifying previously unknown schemes in these areas. These activities can create unusual combinations of debt and/or credit.
Case experience has shown machine learning to be effective in identifying purchasing behavior such as frequent vendors, unusually consistent amounts, certain transactions that occur in tandem with each other and items occurring with unusual regularity. Similarly, expense reimbursements may be flagged as unusual by a machine learning based system that may not conform to typical rules-based observations such as rounded amounts, “just under” threshold amounts and the traditional Benford’s Law analysis.
It basically boils down to the fact that we (humans) cannot analyze the entire file and find trends in that data. Machine learning in the MindBridge Ai-Auditor can decompile the entire structure, observe trends, identifies unusual combinations and present that information. These are anomalies that are ‘unusual’, and which the auditor might not have thought about.
Machine-based learning anomaly detection
Machine learning is a useful type of artificial intelligence. Machine-based learning anomaly detection looks at all the numbers. It is able to learn without predefined decision rules. Machine learning constructs its own decision tree based on meta-tagged data, e.g., “red flag” or “not,” to decide how “red flag” transactions are related. Machine learning applies the learned logic to new data and is remarkably adept at making the right decision. Machine learning’s ability to learn from a complex array of data and not just a few variables leads to greater accuracy.
Traditional analytics rely on rule-based methods to detect anomalies. These decision rules follow simple Boolean logic: if a vendor address matches an employee address and its wire transfer account matches the employee bank account, then it is likely a fictitious vendor.
Another type of machine learning called “unsupervised learning,” constructs decision trees without meta-tagged data; it identifies patterns of interest and anomalies using its own decision-making criteria. This allows fraud examiners to find new forms of fraud not previously detected or codified into rules-based methods. Both supervised and unsupervised machine learning systems are self-refining, in that they become more accurate as more data is encountered.
At present, the MindBridge Ai-Auditor only 1 GL can be analyzed. It’s ideal to have 12 or more months of data rolled-up into 1 file.
Cohort Analysis (ie., analyzing multiple files, such as 12 files where 1 file is 1 month) is something that’s coming in the future in our sub-ledgers update.
Read Mansbridge's Story.
Data for machine learning
There is not a 'one size fits all' answer to answer the question: "What is the minimum sample size required to train a deep learning model. The amount of training data you require is dependent on many different aspects of your experiment:
- How different are the classes that you're trying to separate? e.g. if you were just trying to classify black versus white images then you'd need very few training examples! But if you're trying to solve ImageNet then you need training data on the order of 1000 examples per class.
- How aggressively can you augment the training data?
- Can you use pre-trained weights to initialise the lower layers of your net? (e.g. using weights trained from ImageNet)
- Do you plan to use batch normalization? It can help reduce the amount of data required.
Data scientist work to squeeze maximum advantage from a small training dataset to give the best results.
You can bulk create tasks for those reports, export and print them in the MindBridge Ai Auditor.
You can also create reports by going to Transaction Table, Filter on what you want, then go to Bulk > Export, and voila!
MindBridge Ai-Auditor Local
The minimum requirements to deploy the MindBridge Ai-Auditor in your environment are:
- 6 vCPU, 24 GB RAM
- 3 disks
- OS - 16 GB ○ Data - 270 GB (thin, SSD)
- Backup - 270 GB (thin, nearline)
The MindBridge Ai-Auditor requires considerable computing power. We recommend our secure cloud-based solution.
Here are some pros and cons of cloud vs in house servers.
PROS AND CONS OF CLOUD SERVERS
|No need for onsite hardware or capital expenses. Well suited to rapidly growing companies that may outgrow their infrastructure too quickly.||The user experience is limited by the speed of the Internet connection.|
|Easily scalable; can be added to as needed. Solutions are often on-demand, so you only pay for the options you want.||Third party cloud services could have direct access to your data.|
|Workers can connect from anywhere, using any computer, tablet, or smartphone. Companies can implement BYOD (bring your own device) policies.||If the Internet goes down on your side or on your cloud provider’s side, you won’t have access to any of your information.|
|Data can be backed up in the cloud as regularly as 15-minute intervals, minimizing data losses in disaster situations.||The costs can outweigh the benefits for companies not as dependent on uptime.|
PROS AND CONS OF IN HOUSE SERVERS
|Gives you physical control over your server.||Requires a capital investment in hardware and infrastructure.|
|Keeps critical data in-house; no third party has access to your information.||Requires space in your office for rack space or a server room/closet, as well as dedicated IT support.|
|No need to rely on an Internet connection for access to data.||May be more susceptible to data loss during disaster situations due to in-house location. How often you take the data offsite will reflect how much data you’ll lose in an emergency.|
|Can be more cost-effective for companies that are not as concerned about uptime.||No uptime guarantees.|
Technically, No. We’re able to ingest exports from most accounting software programs into the MindBridge Ai-Auditor and use it in our financial risk assessment services.
However, some data massaging might be needed to have them conform to some requirements.
- Account Number
- Account Description
- Transaction ID
If anything fails during upload, we’ll work with the client by
- requesting permission to view the file
- adjusting the ingestion process to take that file into consideration
For instance, there are some ledgers that have account numbers after the ####-#### format. At present, those cannot be ingested, but by working closely with us, we’ve made, the next update will take allow those formats, but we also work with the client to ‘adjust’ the column(s) to work today while addressing the future.
Exporting from Oracle/SAP works. the column names must be uniformed as outlined them above. Oracle has uses a format such as, “ACNT_DESC”. Changing that to Account Description will work.
Rules in the machine based learning anomaly detection in the MindBridge AI Auditor "if yes, then this”. They are specifically geared to check a use-case. If something falls outside of the scope because the rule was not geared to catch it, it’ll go unnoticed. Think of it this way, if I told you to only pay attention to tell me how many people in red shirts came into the store today, you’re only going to report back the number of red shirts while ignoring every other coloured shirt.
See our complete set of financial analytics that use machine based learning anomaly detection.
Traditional analytics rely on rule-based methods for anomaly detection. These decision rules follow simple Boolean logic: if a vendor address matches an employee address and its wire transfer account matches the employee bank account, then it is likely a fictitious vendor.
Machine learning is a useful type of AI that is able to learn without predefined decision rules. Machine learning constructs its own decision tree based on meta-tagged data, e.g., “red flag” or “not,” to decide how “red flag” transactions are related. Machine learning applies the learned logic to new data and is remarkably adept at making the right decision. Machine learning’s ability to learn from a complex array of data and not just a few variables leads to greater accuracy.
Another type of machine learning, called “unsupervised learning,” constructs decision trees without meta-tagged data; it identifies patterns of interest and anomalies using its own decision-making criteria. This allows fraud examiners to find new forms of fraud not previously detected or codified into rules-based methods. Both supervised and unsupervised machine learning systems are self-refining, in that they become more accurate as more data is encountered.
The MindBridge Ai-Auditor machine learning translates every incoming GL into a language the machine understands (the 5 account mapping feature). Because of this translation, the machine is able to understand the monetary flows within a GL and identify unusual transactions. Traditional CAAT tools don’t do that, they simply scan numbers in isolated (for example show me all weekend entries). They don’t need to understand the GL to find such transactions.
Machine learning translates the GLs use in our suite of financial compliance risk services.
MindBridge Ai-Auditor Internal Audit
Existing practices in financial anomaly detection typically use rules-based systems to find breaches of control. An example of such a rule is a transaction amount limit.
Using rules-based systems is the backbone of today’s auditing methods. However, often this approach fails to find material financial misstatements and fraud. Clever fraudsters understand these rules and get around them. Rules only capture what is explicitly coded into them.
Rules are designed and implemented for each known circumstance that requires control or management. This means rules based systems will not catch unanticipated scenarios. Even with the example of the transaction amount limit, the commonly known way to ‘work around’ simple limit rules is transaction splitting. Often the rules themselves create the opportunity or scenario for the exploit. The data from the Association of Certified Fraud Examiners shows that the higher the education level of the perpetrators, the higher the loss the organization suffers and in most scenarios the perpetrators have at least a University level education.
Tip-off most likely way to catch a fraudster today
The most likely means of which a fraudster gets caught today is through a tip-off, roughly 40%, and industry associations tell organizations to add “fraud hot lines” to gather these tips. Conversely, automated controls and IT systems based on rules only catch a small percentage of scenarios — approximately 3%.
The rate of fraud is increasing and the time to detect fraud is also increasing. In almost every measurable way rules based systems which use data sampling are losing this battle. To compound the problem, Lexis Nexis estimates that the cost to correct $1 of fraud is $2.40.
It’s time for a change because clever people will figure out a way around rules.
Yes. CAS 240 is the Canadian Audit Standard that deals with the risk of management override of control. This standard needs to be met in all financial audits regardless if the auditor’s risk assessment gives concern for such an override or not. This risk is unpredictable and requires special audit considerations.
The main approach suggested in CAS 240 to address this risk is to test journal entries for material misstatements due to fraud or error. CPA Canada acknowledges that practitioners struggle with this goal. The wide-spread use of sampling techniques to select journal entries for testing gets increasingly criticized.
CAS 240 Compliance — Five step approach to guide auditors
To assist practitioners we propose a five step approach to guide auditors through the process of identifying and testing journal entries:
- Understand the information system and business processes relevant to financial reporting.
- Make inquiries of people about inappropriate or unusual activity on the processing of journal entries and other adjustments.
- Select the journal entries and other adjustments with characteristics of potentially inappropriate journal entries and other adjustments.
- Test the appropriateness of journal entries and other adjustments.
We describe each of these steps in detailed documentation and show how our approach meets and exceeds the CAS 240 requirements. It is a must for auditors. It makes sense that management uses the high standard that their auditors will use in their internal review processes.
It is often the case that it is not a single transaction that indicates an anomaly but a group of transactions such as a recurring monthly event. As such, normal outlier detection does not work as it is often a set of transactions that individually may seem to be normal or acceptable practices but collectively do not follow normal or acceptable practices. To address this, outlier detection is built in several layers to consider how rare a given business process may be and the outlier score of transactions based on other transactions in its group, and the ledger.
Anomalies such as financial misstatements, or fraud, are often not detected because they are carefully hidden among other similar transactions. Sophisticated fraudsters hide their work among similar account interactions and values.
This is where outlier systems need to consider many dimensions of the data at once. While human beings are good at seeing an outlier in 2 or 3 dimensions, a machine can do the same work tirelessly, considering 10 or more dimensions at a time. This capability helps machines to spot the outliers which are hiding next to normal activity and within an established process.
Below is a comparison of MindBridge versus traditional audit analytics tools.
Traditional Audit Analytics Tools
Coverage of testing
|100% of known areas of interest||100% of known and unknown cases||MindBridge|
|Trusted, but outdated technology||Breakthrough technology, with growing evidence of its effectiveness|
(MindBridge positioned to surpass)
Knowledge curve (coding)
|100% of known areas of interest||Not required|
Ease of use (user interface)
|Cumbersome, requires repetitive, extensive user training||Highly visual, intuitive with little-to-no training|
|Time-consuming to set up rules for each client file||Not required|
|Dependent on ERS resource||Self-service||MindBridge|
Composition & depth of algorithms
|Rules are hand-crafted scripts and results are logged.||Packaged industry standard rules enhanced with automated, scientific algorithms, results are logged and exported||MindBridge|
|Rules are created to handle each case||Once flagged, machine learning automatically excludes them from future analysis|
|Built-in, automated “smart ingestion” leveraging machine learning|
|Subjective & selective: reliant on professional skepticism and experience to find potential financial misstatements||Objective & inclusive: AI risk-based analytic tests prescribed by the Center for Audit Quality, plus extended analysis that further improves audit assurance|
This is an excellent approach. Most organizations under 500 employees do not have an internal audit process. It will give you facts to show those who think you are too small that you are exposed to the same risks as big companies.
Today organizations face an unprecedented confluence of risks. Two-thirds of CEOs see more threats to their business than opportunities. To stay competitive, you must pursue two parallel strategies: risk resiliency and risk agility.
Forward-looking companies have both the solid infrastructure and processes to help them weather any storm, as well as the flexibility to move quickly to meet new opportunities.
A comprehensive internal audit function plays a critical role in helping your organization achieve good governance—by providing an independent and objective assessment of your risk management strategies and control frameworks.
- when spending is expanding rapidly
- when revenues and spending are under pressure to contract
Budget cuts may sometimes be necessary
Audit committees and oversight authorities should consider their options carefully before the make a decision to cut internal audit. This services is important for several reasons, as internal audits:
- ensure accuracy of financial reporting — As organizations seek greater access to capital markets, the accuracy of financial reporting becomes particularly critical
- give assurance of efficiency and effectiveness — operational audits and performance audits are among the principal services offered by many government audit organizations
- foster greater accountability by shareholders and stakeholders — accountability over the effective use of scarce resources is vital
- find opportunities for cost reduction and containment — when forced to make difficult choices on which services to continue as revenues falter, your internal auditors are uniquely positioned to offer insights and perspectives to management
Most important of all, internal audit fosters good governance — especially when the effectiveness of board oversight is increasingly being questioned.
You can learn about how we use advanced financial compliance analytics to conduct a financial risk assessment in audit, internal audit and financial due diligence for merger and acquisition work.
You may find the Top 14 Financial Frauds of All Time to be of interest.