All You Need to Know about Audit Management
Audits have come a long way. Actually, they have always been there and are spread throughout all areas of our lifes. From ordinary things like ensuring that our children have brushed their teeth—an action to reduce the risk of bad teeth, unhappy children, and high dental costs—to more advanced audits in which we check if a producer has used inappropriate additives, which endanger the integrity of its products.
However, the way we plan and perform audits today is very different from how they were planned and performed in 1960, 2000, or even 2010. Part of this is due to the fact that we have seen loads of new regulations and standards emerge in the audit sector over the past couple of decades (Figure 1), which have lead to more standardization (but also redundancies). More importantly, though, we have seen a significant technological shift.
New Technologies Drastically Change Today’s Audit Management
Today’s news are filled with self-driving vehicles, block chains, and emerging business fields like fraud protection services and services that can read more and understand text better than you can (well, sort of at least). I hear you thinking: “Ya, ya—all those hypes. Most of them won’t succeed anyway. So, why should I bother?“ And you are right; around 50% right, at least.
The US based consultancy and research giant Gartner figured out that new technologies follow a certain hype cycle (Figure 2). When new technologies evolve, expectations first rise with a very high rate (the hype) but then quickly fall into the so called trough of disillusionment. Some technologies are abandoned at this point. The successful ones, however, slowly rise again into the plateau of productivity where they typically meet about 50% of all the expectations people had at the hype’s peak. This is the point where they enter your daily job routine, with visual data discovery like graphs and pie charts in MS Excel or other tools being the perfect example.
But what is in it for today’s audit management? When methods such as neural networks and machine learning algorithms surfaced, the way for predictive analytics and data mining was pathed—technologies that allow us to go way beyond classical Business Intelligence (BI) approaches to inform our decision making. This emerging field is called explorative BI and deals with advanced statistical analysis, machine learning, pattern recognition, predictions, simulations, and planning optimization. Buzz words aside, these new methods allow us go from asking backward-looking questions like “what happened?” and “why did it happened?” to asking the forward-looking questions “what will happen?” (prediction) and “what shall we do?” (optimization, planning).
The „Important Four“ – Informed Decisions in Audit Management
Decision making is a fundamental part in audit management and the very basis of the overall outcome of audits and controls. In order to make good decisions, we first have to answer loads of different questions. Which Auditor shall audit whom and when? Shall we change audit criteria? On which basis? Shall we educate our auditors differently? Shall we change the audit cycles and, if so, how? Shall we use more desktop audits?
But what are the questions that matter the most? In a research project at Wageningen University in cooperation with Intact GmbH we investigated what the lowest common denominator is in both audit management and audit decision making. The result is: you ultimately have to answer four questions before sending someone to an audit:
- WHAT shall be audited?
- WHOM do I have to audit?
- HOW shall the audit be performed?
- WHEN shall it take place?
We call these questions the “Important Four”. The question of WHAT simply refers to what we have or want to audit. This can be on a rather general level like with general hygiene topics, the way a standard is implemented, or the general flow of goods. In other cases we have to look at more detailed level, like how a critical control point for cooling is measured or if analytical instruments are calibrated. In some cases this is very clear and the auditor has to just follow a checklist. In other cases, however, the auditor is relatively free to choose. WHOM is the question on who shall be audited. Do we need to audit everyone? Just parts of a food chain after an incident? A certain region of certain commodity producers? Here we also have a range from very rigid requirements (it is time for the next audit because it is a requirement itself) to being relatively free to choose. The question of HOW refers to the modality of the audit: desktop or witness audit, the auditor’s experience and qualification, etc. Last but not least, the question of WHEN refers to the best time to perform the audit: Unannounced or continuous audits? Shall we skip audits for producers who did well in the past? And shall we increse audit frequency for those who didn’t?
To answer these questions, Business Intelligence is being used for several years now in most producing companies, certification bodies, and standard setters with relational databases being created to store the data and some basic grouping, filtering, sorting, and simple mathematical analysis being applied to it. They have created pivot tables, diagrams, and tables of any sort for reporting—and it worked. They have their processes in place and people are familiar with the technology. So, why should anything change? Well, because it does!
Predictive Analytics and Machine Learning are going to enter the field of audit management and they are about to drastically change the way certification bodies, standard setters, and producing companies work. Today already, explorative BI allows us to answer the „Important Four“ more accurately and with more confidence than ever before with classical BI. With explorative BI becoming adopted more widely, we are going to see new services and business opportunities emerge.
If this articel leaves you wondering what it takes to stay on top of the game, you will be pleased to hear that I am going to cover this question in one of my upcoming articles. Stay tuned
Subscribe this blog and receive email notifications on published posts.