Why is such a high proportion of audit and fraud investigation work still done with nothing more than word processing packages and spreadsheets? Dozens of proven tools for forensics and data analysis exist, and vendors are eager to get more users signed on. The official line throughout the profession is that computer-aided audit is now an accepted, standard practice and continuous controls monitoring has been on everyone's lips since at least 2001.
Yet there is a large, obvious gap between expectation and reality that auditors in general, and fraud examiners in particular, have trouble crossing. I'm sharing writing duties this issue with Dean Brooks. Dean and I co-authored this year's "Buyer's Guide for Audit, Anti-Fraud, and Assurance Software." While researching the guide, we talked with vendors and users and identified three main obstacles:
We estimate that 50 percent of all audit data analysis is performed by no more than 5 percent of auditors and fraud examiners. These are the mentors and leaders who train and explain. If you're operating in a small group and no one within the group has experience or aptitude, you face an uphill battle. We found that thousands of smaller banks, CPA firms, and medium-sized businesses bought analysis software but then abandoned it, largely for this reason.