Perhaps no other corporate function is challenged more than internal audit departments. Internal audit teams are pressured to find hidden risk by their board, regulatory agencies, and the audit committee while at the same time often receiving a cold welcome from the functions they are auditing. Within financial institutions (FIs), internal audit’s value is recognized as the third line of defense for risk management within FIs behind business (first line of defense) and compliance (second line of defense). Internal audit is mandated to be the final pillar to ensure that a firm’s entities are properly managing risk. Advanced data science techniques, including artificial intelligence (AI) and machine learning, can assist internal audit teams in any environment to function more efficiently.
A statement from the American Institute of CPAs (AICPA) Assurance Services Executive Committee (ASEC) is highly relevant: “The profession needs to achieve a “quantum leap” to redesign audit processes using today’s technology, rather than using information technology to computerize legacy audit plans and procedures.”
Internal audit expenses are increasing yearly as noted by the Institute of Chartered Accountants in England and Wales (ICAEW). The ICAEW reports that audit fees increased 3.2 percent in 2015 and indicated that the majority of the attendees at the ICAEW November 2016 conference stated that cost and skill were the main reasons firms did not use data analytics in their audit work.
Whether in FIs or any size business, internal audit teams are tasked with reviewing internal controls, improper payments, cybersecurity, compliance, and a myriad of other topics. The one commonality in internal audit reviews is that they all require some type of data to be reviewed. When internal audit teams create annual audit plans, they routinely plan to take representative samples of data and then conduct a manual analysis to search for abnormalities or anomalous activity. Representative samples require the development of a time-consuming sampling methodology, which coupled with smaller data sets, can lead to potential risk gaps.
Available AI and machine learning solutions can assist internal audit teams to perform more efficient and effective audits of all programs, and are also uniquely situated to assist in identifying risks related to improper payments, FCPA, Anti-Money Laundering (AML), fraud, and insider threat matters.
As a hypothetical example, an internal audit team was tasked to audit a mid-sized bank’s Bank Secrecy Act program. As part of the prior year’s audit, the internal audit department asked the compliance team to provide a representative sample of 300 transactions over a three-month period. Internal audit manually reviewed the 300 transactions for any signs of missed risk reporting opportunities as it related to AML/Suspicious Activity Report (SAR) filings. The internal audit team identified one case in which the compliance team did not report a transaction/entity properly.
To counter the above hypothetical example, the internal audit team could have utilized an AI solution to review one year’s worth of transactions totaling over three million and automatically screened the transactions for known financial crime red flags. The impact of utilizing AI solutions is that internal audit can cover more programs cheaper and faster; thereby, protecting the firm from greater risk.
Today’s available AI solutions, utilizing Natural Language Processing, graph search algorithms, predictive analytics, and other techniques can greatly improve internal audit’s ability to interrogate data sources for evidence of financial crimes.