How do auditors test management-owned analytics?
Test both design and operation. For design, understand the control objective, source data, population, join logic, threshold, owner, frequency, and exception workflow. For operation, inspect evidence that the analytic ran, exceptions were reviewed, follow-up was performed, and unresolved items were escalated.
Auditors should also validate data reliability. A clean exception report is weak evidence if the population is incomplete, field definitions are misunderstood, or filters exclude high-risk transactions.
Master Part 3 with our CIA Course
45 lessons · 90+ hours· Expert instruction
Related Questions
What should an auditor do if a supervisor weakens a supported finding?
How should auditors prepare for a technical exit meeting?
When should audit quality concerns be escalated beyond the engagement team?
How does business knowledge affect internal audit quality?
Where should an auditor begin a full-company internal control audit?
Join the Discussion
Ask questions and get expert answers.