Six steps to apply data analytics for risk assessment

Don’t know where to start with data analytics for risk assessment? Step by step, here’s a basic framework of how you can begin to apply data analytics to assess risk and controls in your organization.

While generic software like spreadsheets can get you started, purpose-built risk and control analytics technology will support more complex and valuable testing, issue management and remediation, and long-term sustainability.

1. Build a profile of potential risks

  • Develop a profile of potential risks as part of a risk assessment.
  • Consider using a risk scorecard and risk heat map to prioritize

2. Test data for possible risk indicators

  • Include ad hoc testing in addition to more formalized or regular tests.
  • Consider the spectrum of automated testing, ranging from ad hoc to repetitive through to continuous, where appropriate.

3. Improve the process by implementing continuous analysis

  • Use continuous analysis to test and validate the effectiveness of your controls—on a timely basis.
  • Provide management with immediate notification of red flags.
  • Create processes for control remediation.
  • Implement continuous analysis on a comprehensive basis across business process areas.

4. Review results

  • Investigate patterns and indicators that emerge from your analyses.
  • Quantify the risk.
  • Identify and target high-risk areas.
  • Consider the use of risk monitoring dashboards

5. Expand the scope and repeat

  • The process of building a profile, testing data, improving controls and reviewing information needs to be done on a regular basis.

6. Report

  • Make recommendations on how to tighten controls or change processes to reduce the likelihood of non-compliance.
  • Follow up and see if those recommendations have been acted upon and if they have had the desired effect.
  • Communicate, communicate, communicate. Impart “tone at the top” to the organization.
  • Why? Because unresolved exceptions have a negative impact on the organization.

Use risk and control analytics to assist in assessing risks in your organization; it will help drive increased efficiency into your audit work and identify data-driven indicators of emerging risks.

eBook: Don't navigate risky waters without internal auditors

Don’t Navigate Risky Waters Without Internal Auditors

This eBook gives guidance on leveraging data analytics for risk management, including risk-based audit planning, example analytics for identifying risk, and real customer stories.

Download eBook

Share This