Domo + Moss Adams: Internal Audits and SOD Management with Automated Data Analysis
By K.C. Fike, Senior Manager, Data Analytics Consulting Services, Moss Adams
Data analytics can help many internal audit organizations improve the quality, depth, and coverage of their work, and may contribute to keeping operating costs relatively flat.
Analytics can be used during planning by assessing risk and monitoring segregation of duties (SOD) during these phases:
- Analyzing financial statements
- Testing to identify exceptions
- Identifying internal control gaps
Once data analysis and mining are integrated into the internal audit process, continuous auditing and monitoring can be used to automatically test user access reviews and journal entry authorization, the propriety of expense reimbursements, and out-of-period adjustments, among other audit tests.
While the benefits are vast and internal audit data analytics has dramatically improved, its use by internal audit functions has lagged. This is often due to two challenges.
Challenges in Integrating Data Analytics into Internal Audits
There are two main challenges that impede companies as they implement data analytics tools, such as Domo, into their internal audits:
- Obtaining and understanding data
- Harnessing data
Obtain and Understand Data
Internal audit departments struggle to obtain, access, or understand the data needed to perform their work.
Start with data you’re comfortable with by working with data you understand and have worked with before.
Starting with the data, know what you need to perform your audits, what you’re auditing, and then align the departments within your organization to assist in harvesting that data.
This aspect of data analytics is often more challenging. To improve their audit processes, companies strain to harness their data and develop effective visualizations and tests.
Cloud-based data analytics tools could help internal audit departments establish auditing and continuous monitoring routines.
For example, Domo, a business intelligence platform, can make custom data analytics reports that can create targeted data visualizations and tests.
How Domo Creates Automated Data Analysis
Domo, with its data warehouse, provides numerous ways customers can harvest their existing data through the use of more than 1,000 pre-built data connectors—including Netsuite, Systems Applications and Products in data processing (SAP), and Microsoft SQL Server.
These connectors make data ingestion straightforward and keep data refreshed in real-time. Combine up-to-date data with your visualizations and analytics in Domo and you’ll have a fully automated analytical process.
Roadmap to Implement Internal Audit Data Analytics Tools
Incorporating data analysis and mining into internal audits doesn’t happen overnight—it’s a process.
This roadmap spans the first three years and beyond. The checklist may help with implementing automation in data analytics tools within your audit process.
Checklist to Implement Internal Audit Data Analytics Tools
SOD Risk Management via Automated Data Analytics
Implementing an effective process to monitor and identify SOD could help:
- Mitigate fraud
- Prevent errors within your financial reporting processes
- Ensure Sarbanes-Oxley (SOX) controls are followed
If you have SOD controls within your control environment, you often face a burdensome process. Not only do you have to maintain and update an SOD matrix to evaluate conflicts, but you likely work with application owners or database administrators (DBAs) to pull user and access lists to evaluate where conflicts exist.
Consider how frequently you perform this analysis. Is it once a year? If so, there’s the risk an end-user was assigned a conflict early in the calendar year and then exploited that conflict while your analysis detects it almost a year later.
SOD Management’s Data Analytics Solution
Domo’s SOD management analysis tool can help:
- Eliminate the need for building massive Excel Spreadsheets with VLOOKUPs of VLOOKUPs
- Centralize your SOD matrix, rank conflicts by risk, and evaluate results in real time
- Save time and money by addressing SODs through automation
Domo Usage Example
This summary card with drill-through capabilities shows the current count of SOD conflicts by area and risk level using the Domo automated data analytics tool.
This analysis was built within a Domo DataFlow, which allows retention for future use and limited access to who can modify the data.
Upload a spreadsheet, or ideally, connect your ERP or source system to have this analysis done in real-time and set an alert when a threshold of users is exceeded.
Domo Heatmap Example: SOD Conflicts by Area
How to Implement an SOD Management Data Analytics Solution
First, an organization will need to have a defined SOD matrix, outlining the incompatible roles and ranked according to risk. Within this matrix, depending on the application being analyzed, the organization will need to define the levels of access that correspond with the incompatible roles.
From there, the SOD matrix, along with the access rights from the source system will need to be added to Domo’s extract, transform, and load (ETL) tool, Magic ETL. For example, you can upload a client’s SOD matrices into Domo as a standalone table and use connectors to pull the application access rights.
Once the data is in, you can then utilize Domo’s heatmap card to analyze as shown in the example above. In addition to the heatmap card, users can also set alerts when numbers increase, such as, setting an alert if any of the critical conflicts increase.
Learn more about Moss Adams
Learn more about data analytics tools and how Moss Adams can help integrate business intelligence platforms into an organization’s processes here.
You can also learn more about Domo’s SOD management and other tools that can be customized for individual needs.