Embed Size (px)
Citation preview
The
info
rmat
ion
cont
aine
d he
rein
is o
f a g
ener
al n
atur
e an
d is
not
inte
nded
to a
ddre
ss t
he
circ
umst
ance
s of
any
par
ticu
lar i
ndiv
idua
l or e
ntit
y. A
ltho
ugh
we
ende
avor
to p
rovi
de a
ccur
ate
and
tim
ely
info
rmat
ion,
the
re c
an b
e no
gua
rant
ee t
hat s
uch
info
rmat
ion
is a
ccur
ate
as o
f the
da
te it
is re
ceiv
ed o
r tha
t it w
ill c
onti
nue
to b
e ac
cura
te in
the
futu
re. N
o on
e sh
ould
act
on
such
info
rmat
ion
wit
hout
app
ropr
iate
pro
fess
iona
l adv
ice
afte
r a t
horo
ugh
exam
inat
ion
of t
he
part
icul
ar s
itua
tion
.
KP
MG
LL
P, t
he a
udit
, tax
and
adv
isor
y fi
rm (w
ww
.us.
kpm
g.co
m),
is t
he U
.S. m
embe
r fir
m o
f K
PM
G In
tern
atio
nal C
oope
rati
ve (“
KP
MG
Inte
rnat
iona
l”).
KP
MG
Inte
rnat
iona
l’s m
embe
r fir
ms
have
14
0,0
00
prof
essi
onal
s, in
clud
ing
mor
e th
an 7
,90
0 pa
rtne
rs, i
n 14
6 co
untr
ies.
©20
13 K
PM
G L
LP,
a D
elaw
are
limit
ed li
abili
ty p
artn
ersh
ip a
nd t
he U
.S. m
embe
r fir
m o
f the
K
PM
G n
etw
ork
of in
depe
nden
t mem
ber f
irm
s af
filia
ted
wit
h K
PM
G In
tern
atio
nal C
oope
rati
ve
(“K
PM
G In
tern
atio
nal”
), a
Sw
iss
enti
ty. A
ll ri
ghts
rese
rved
. ND
PP
S 1
591
67
Co
nta
ctFo
r mor
e in
form
atio
n ab
out r
epea
tabl
e an
d su
stai
nabl
e da
ta
anal
ytic
s-en
able
d au
ditin
g, q
uant
itativ
e-ba
sed
cont
inuo
us
risk
asse
ssm
ent f
or d
ynam
ic a
udit
plan
ning
and
con
tinuo
us
audi
ting,
ple
ase
cont
act:
Jim
Lit
tley
Glo
bal
Lea
der
Co
nti
nu
ou
s A
ud
itin
g/
Co
nti
nu
ou
s M
on
ito
rin
g
T: 2
67-2
56-1
833
E: j
little
y@kp
mg.
com
Ack
now
led
gem
ent
Spe
cial
than
ks to
con
trib
utin
g au
thor
Todd
Asp
ell a
nd
writ
er J
oann
a Va
rgas
.
kpm
g.c
om
AD
VIS
OR
Y S
ER
VIC
ES
Tran
sfo
rmin
g In
tern
al A
ud
it:
A M
atur
ity M
odel
from
Dat
a A
naly
tics
toC
ontin
uous
Ass
uran
ce
kpm
g.c
om
Co
nte
nts
Exec
utiv
e su
mm
ary
1
Mak
ing
the
jour
ney
2
The
valu
e of
iden
tify
ing
mat
urit
y le
vels
4
Inte
rnal
aud
it d
ata
anal
ytic
s an
dco
ntin
uous
aud
itin
g m
atur
ity
mod
el
5
Inte
rnal
aud
it p
lan
deve
lopm
ent
at v
ario
us m
atur
ity
leve
ls
6
Exec
utio
n an
d re
port
ing
at v
ario
us m
atur
ity
leve
ls
9
Cha
lleng
es
12
Con
clus
ion
13
The
Mat
urity
Mod
el |
13
Man
y in
tern
al a
udit
depa
rtm
ents
are
thin
king
abo
ut d
ata
anal
ytic
s-en
able
d au
ditin
g an
d co
ntin
uous
aud
iting
pro
cess
es s
tric
tly fr
om a
tact
ical
app
roac
h w
hile
not
co
nsid
erin
g th
e ad
vant
ages
cre
ated
thro
ugh
the
inte
grat
ion
of d
ata
anal
ytic
s an
d co
ntin
uous
aud
iting
thro
ugho
ut a
n in
tern
al a
udit
met
hodo
logy
. How
ever
, the
re a
re
trem
endo
us b
enef
its to
be
real
ized
by
thin
king
mor
e st
rate
gica
lly a
nd tr
ansf
orm
ing
how
inte
rnal
aud
it de
part
men
ts p
lan
and
exec
ute
audi
ts th
roug
h th
e us
e of
repe
atab
le
and
sust
aina
ble
data
ana
lytic
s-en
able
d au
ditin
g; q
uant
itativ
e-ba
sed
cont
inuo
us ri
sk
asse
ssm
ent f
or d
ynam
ic a
udit
plan
ning
; and
con
tinuo
us a
uditi
ng. T
his
tran
sfor
mat
ion
requ
ires
mor
e th
an ju
st d
evel
opin
g te
chni
cal c
apab
ilitie
s to
per
form
dat
a an
alyt
ics.
It
invo
lves
reev
alua
ting
and,
whe
re n
eces
sary
, mod
ifyin
g th
e in
tern
al a
udit
met
hodo
logy
bei
ng u
sed
by th
e en
tire
inte
rnal
aud
it de
part
men
t to
crea
te a
str
ateg
ic
appr
oach
to im
plem
ent,
sus
tain
, and
exp
and
data
ana
lytic
s-en
able
d au
ditin
g an
d ot
her r
elat
ed in
itiat
ives
suc
h as
con
tinuo
us a
uditi
ng, c
ontin
uous
mon
itorin
g, a
nd e
ven
cont
inuo
us a
ssur
ance
. Fin
ally
, acc
epta
nce
and
supp
ort f
rom
man
agem
ent a
nd k
ey
busi
ness
sta
keho
lder
s is
crit
ical
to e
nsur
ing
that
inte
rnal
aud
it’s
tran
sfor
mat
ion
effo
rts
rem
ain
rele
vant
and
val
uabl
e to
the
busi
ness
.
Co
ncl
usi
on
12 |
The
Mat
urity
Mod
el
Eac
h le
vel o
f mat
urity
con
tain
s its
ow
n se
t of c
halle
nges
. Som
e m
ay b
e m
ore
pred
icta
ble
than
oth
ers,
but
it’s
crit
ical
to re
cogn
ize
the
diff
icul
ties
expe
rienc
ed
by o
ther
s to
app
ropr
iate
ly p
repa
re a
nd a
void
them
. Som
e ty
pica
l pitf
alls
that
may
de
rail
data
ana
lytic
s-en
able
d au
ditin
g an
d co
ntin
uous
aud
iting
initi
ativ
es in
clud
e th
e fo
llow
ing:
Gen
eral
• D
eter
min
ing
and
esta
blis
hing
con
sens
us o
n ob
ject
ives
and
suc
cess
crit
eria
.
• M
easu
ring
and
dem
onst
ratin
g su
cces
s.
• Li
mite
d re
sour
ces
(tec
hnol
ogy
and
hum
an k
now
how
).
Dat
a A
vaila
bili
ty a
nd
Qu
alit
y •
Lack
of a
cces
s to
dat
a
• D
ispa
rate
info
rmat
ion
syst
ems
with
diff
eren
t dat
a fo
rmat
s.
• In
com
plet
e da
ta s
ets,
inco
nsis
tent
dat
a qu
ality
.
• D
ata
priv
acy/
secu
rity
issu
es to
nav
igat
e.
Dat
a A
nal
ytic
s•
Inab
ility
to e
ffect
ivel
y le
vera
ge d
ata
anal
ytic
s to
ach
ieve
aud
it ob
ject
ives
.
• D
efin
ition
of “
exce
ptio
n;”
addr
essi
ng “
fals
e po
sitiv
es”
and
“fal
se n
egat
ives
”.
• W
orkf
low
aro
und
exce
ptio
n re
solu
tion;
man
agin
g vo
lum
es o
f exc
eptio
ns.
Ch
ange
Man
agem
ent
• M
anag
ing
impa
ct o
f dat
a an
alyt
ics,
con
tinuo
us a
uditi
ng, a
nd c
ontin
uous
m
onito
ring
proc
esse
s on
aud
itors
and
bus
ines
s pr
oces
s ow
ners
.
Ch
alle
nge
s
The
Mat
urity
Mod
el |
1
If y
ou’re
trav
elin
g do
wn
a pa
th th
at n
ever
reac
hes
its d
estin
atio
n, w
ould
you
sta
y on
th
e sa
me
path
or w
ould
you
try
a di
ffere
nt a
ppro
ach?
It’s
a q
uest
ion
wor
th a
skin
g,
espe
cial
ly w
hen
it co
mes
to d
ata
anal
ytic
s-en
able
d au
ditin
g.
Alth
ough
the
bene
fits
of d
ata
anal
ytic
s-en
able
d au
ditin
g ar
e w
ell k
now
n, m
any
orga
niza
tions
hav
e be
en
unab
le to
real
ize
them
. The
prim
ary
reas
ons
may
lie
in th
eir a
ppro
ach.
Mos
t org
aniz
atio
ns ta
ke a
tact
ical
and
te
chni
cal’
appr
oach
tow
ard
leve
ragi
ng d
ata
anal
ytic
s in
pla
nnin
g an
d ex
ecut
ing
audi
ts. T
his
incl
udes
buy
ing
soph
istic
ated
sof
twar
e to
ols
and
hirin
g sp
ecia
lists
to ru
n an
alyt
ics
and
expe
ctin
g th
at to
be
suff
icie
nt to
ac
hiev
e da
ta a
naly
tics-
enab
led
audi
ting
acro
ss th
eir a
udit
univ
erse
. But
to b
e tr
uly
effe
ctiv
e an
d su
stai
nabl
e,
data
ana
lytic
s-en
able
d au
ditin
g re
quire
s m
ore
than
pro
ceed
ing
with
bus
ines
s-as
-usu
al a
nd a
ddin
g so
me
tact
ical
and
tech
nica
l dat
a an
alyt
ic c
apab
ilitie
s.
Whi
le te
chni
cal s
kills
and
tool
s ar
e su
rely
impo
rtan
t to
the
proc
ess,
org
aniz
atio
ns n
eed
to ta
ke a
mor
e st
rate
gic
appr
oach
to im
plem
ent,
sus
tain
, and
exp
and
data
ana
lytic
s-en
able
d au
ditin
g. T
his
may
requ
ire
tran
sfor
min
g th
e w
ay y
ou p
lan,
exe
cute
, and
repo
rt a
udits
, inc
ludi
ng y
our r
elat
ions
hips
with
bus
ines
s st
akeh
olde
rs. T
he k
ey is
to fo
cus
on y
our a
udit
met
hodo
logy
, or a
ppro
ach,
not
just
you
r tec
hnic
al c
apab
ilitie
s.
This
pap
er p
rovi
des
a m
ulti-
dim
ensi
onal
refe
renc
e m
odel
to il
lust
rate
how
to ta
ke a
tran
sfor
mat
ive
appr
oach
to
war
d au
dit p
lann
ing
and
exec
utio
n in
ord
er to
impl
emen
t sus
tain
able
dat
a an
alyt
ics-
enab
led
audi
ting.
In
the
exam
ples
pro
vide
d, w
e’ve
mod
ified
a tr
aditi
onal
inte
rnal
aud
it m
etho
dolo
gy b
y in
tegr
atin
g an
alyt
ics
and
high
light
ing
char
acte
ristic
s th
roug
hout
eac
h ph
ase.
Thi
s ca
n he
lp s
erve
as
a re
fere
nce
on h
ow a
nd
whe
re y
ou c
an m
odify
you
r int
erna
l aud
it m
etho
dolo
gy. W
e’ve
then
take
n it
a st
ep fu
rthe
r by
appl
ying
a
mat
urity
mod
el a
s an
ove
rlay
to th
e m
etho
dolo
gy.
The
mat
urity
mod
el, s
een
thro
ugh
the
lens
of a
n in
tern
al a
udit
met
hodo
logy
, is
desi
gned
to il
lust
rate
th
at th
ere
are
man
y da
ta a
naly
tics-
enab
led
audi
ting
char
acte
ristic
s ac
ross
our
five
pha
ses
of a
n au
dit
met
hodo
logy
at e
ach
of th
e fiv
e pr
opos
ed m
atur
ity le
vels
. As
you
will
see
in th
e fo
llow
ing
page
s, th
e m
atur
ity m
odel
ser
ves
as a
refe
renc
e to
hig
hlig
ht s
peci
fic d
ata
anal
ytic
s-en
able
d au
ditin
g ch
arac
teris
tics
from
a v
ery
basi
c le
vel o
f mat
urity
thro
ugh
a ve
ry m
atur
e le
vel f
or e
ach
phas
e of
the
audi
t met
hodo
logy
. K
now
ing
thes
e ch
arac
teris
tics
may
ass
ist y
ou o
n yo
ur jo
urne
y to
tran
sfor
m y
our a
udit
met
hodo
logy
, or
appr
oach
, to
incl
ude
data
ana
lytic
s in
ord
er to
reac
h yo
ur d
esire
d ul
timat
e in
tern
al a
udit
dest
inat
ion.
Exe
cuti
ve s
um
mar
y
2 | T
he M
atur
ity M
odel
Doe
s yo
ur in
tern
al a
udit
appr
oach
add
val
ue to
sen
ior m
anag
emen
t’s v
iew
of b
usin
ess
risk
and
stra
tegi
c go
als?
Wha
t rol
e do
es in
tern
al a
udit
play
in th
e as
sess
men
t of r
isks
that
dire
ctly
impa
ct y
our o
rgan
izat
ion’
s ab
ility
to a
chie
ve it
s st
rate
gic
goal
s? Is
the
inte
rnal
aud
it de
part
men
t a p
artn
er in
dev
elop
ing
the
stra
tegi
c pr
iorit
ies
and
visi
on o
f the
com
pany
? D
oes
inte
rnal
aud
it’s
met
hodo
logy
effe
ctiv
ely
leve
rage
dat
a an
alyt
ics
in o
rder
to c
ontin
ually
ass
ess
the
risks
that
wou
ld in
hibi
t the
ach
ieve
men
t of t
he o
rgan
izat
ion’
s st
rate
gic
goal
s? R
egar
ding
the
risks
iden
tifie
d, h
ow d
oes
your
app
roac
h de
term
ine
how
aud
its a
re id
entif
ied,
pla
nned
an
d ex
ecut
ed?
If th
e an
swer
s to
thes
e qu
estio
ns a
re u
ncle
ar w
ithin
you
r int
erna
l aud
it de
part
men
t, y
ou’re
ce
rtai
nly
not a
lone
.
The
cont
inuo
us a
ssur
ance
of e
nter
pris
e ris
k m
anag
emen
t1 (as
not
ed in
Mat
urity
Lev
el V
in th
e ch
art b
elow
) is
an
ambi
tious
goa
l for
inte
rnal
aud
it de
part
men
ts, m
any
of w
hich
are
stil
l see
king
to a
chie
ve a
sta
te o
f in
tegr
ated
or s
usta
ined
dat
a an
alyt
ics,
con
tinuo
us ri
sk a
sses
smen
t and
con
tinuo
us a
uditi
ng p
roce
sses
. Tru
th
be to
ld, r
epea
tabl
e an
d su
stai
nabl
e da
ta a
naly
tics
and
cont
inuo
us a
uditi
ng p
roce
sses
rem
ain
a to
p go
al fo
r m
any
inte
rnal
aud
it de
part
men
ts a
nd s
enio
r man
agem
ent,
but
mos
t org
aniz
atio
ns a
re s
till i
n th
eir i
nfan
cy o
r pl
anni
ng s
tage
s w
hen
it co
mes
to a
ctua
l exe
cutio
n.
As
inte
rnal
aud
it de
part
men
ts s
eek
to a
dvan
ce th
eir a
ppro
ach,
the
use
of a
mat
urity
mod
el c
an h
elp
benc
hmar
k th
e de
part
men
t, u
sing
a fe
w b
asic
cha
ract
eris
tics
(an
exam
ple
of w
hich
can
be
foun
d on
pag
e 6)
, to
pro
vide
a c
lear
pat
h to
war
d ac
hiev
ing
data
ana
lytic
s-en
able
d in
tern
al a
uditi
ng, c
ontin
uous
aud
iting
, and
be
yond
. Roo
ted
in a
n in
tern
al a
udit
met
hodo
logy
, the
mat
urity
mod
el s
erve
s as
a g
uide
alo
ng th
e jo
urne
y fr
om tr
aditi
onal
inte
rnal
aud
it m
odel
s to
war
d m
ore
mat
ure
leve
ls o
f con
tinuo
us a
uditi
ng, a
nd th
roug
h to
the
cont
inuo
us a
ssur
ance
of e
nter
pris
e ris
k m
anag
emen
t – a
n ul
timat
e go
al o
f int
erna
l aud
it, a
s w
ell a
s, m
ost
ente
rpris
es a
nd th
eir e
xecu
tive
man
agem
ent.
A k
ey fi
rst s
tep
with
in th
e m
atur
ity m
odel
is th
e su
cces
sful
in
tegr
atio
n of
dat
a an
alyt
ics.
Mak
ing
th
e jo
urn
ey
1 C
ontin
uous
Ass
uran
ce is
a p
rogr
essi
ve s
hift
in a
udit
prac
tices
tow
ards
the
max
imum
pos
sibl
e de
gree
of a
udit
auto
mat
ion
as a
way
of t
akin
g ad
vant
age
of th
e te
chno
logi
cal b
asis
of t
he m
oder
n en
tity
in o
rder
to re
duce
aud
it co
sts
and
incr
ease
aud
it au
tom
atio
n. G
iven
the
emph
asis
on
the
tran
sfor
mat
ion
of th
e en
tire
syst
em o
f aud
iting
, th
e de
velo
pmen
t of C
ontin
uous
Ass
uran
ce re
quire
s a
fund
amen
tal r
ethi
nk o
f all
aspe
cts
of a
uditi
ng, f
rom
the
way
in
whi
ch d
ata
is m
ade
avai
labl
e to
the
audi
tor,
to th
e ki
nds
of te
sts
the
audi
tor c
ondu
cts,
how
abn
orm
aliti
es a
re
deal
t with
, wha
t kin
ds o
f rep
orts
are
issu
ed, h
ow o
ften
and
to w
hom
they
are
issu
ed, a
nd m
any
othe
r fac
tors
, the
im
port
ance
of s
ome
of w
hich
will
onl
y be
com
e ap
pare
nt a
s C
ontin
uous
Ass
uran
ce is
impl
emen
ted.
“Con
tinuo
us A
ssur
ance
for t
he N
ow E
cono
my”
, Rut
gers
Bus
ines
s S
choo
l, Fe
brua
ry 2
010.
An
ove
rvie
w o
f mat
uri
ty le
vels
The
mat
urity
mod
el b
elow
repr
esen
ts th
e st
ages
of m
atur
ity fr
om th
e le
ast m
atur
e st
ate
of tr
aditi
onal
au
ditin
g th
roug
h to
the
mos
t mat
ure
stat
e of
con
tinuo
us a
ssur
ance
of e
nter
pris
e ris
k m
anag
emen
t.
Leas
t M
atu
reM
ost
Mat
ure
Trad
ition
alA
uditi
ng
Ad
Hoc
Inte
grat
edA
naly
tics
Con
tinuo
us R
isk
Ass
essm
ent &
Con
tinuo
usA
uditi
ng
Inte
grat
ed
Con
tinuo
usA
uditi
ng &
C
ontin
uous
M
onito
ring
Con
tinuo
us
Ass
uran
ce o
f En
terp
rise
Ris
kM
anag
emen
t
Mat
uri
tyLe
vel V
Mat
uri
tyLe
vel I
VM
atu
rity
Leve
l III
Mat
uri
tyLe
vel I
IM
atu
rity
Leve
l I
The
Mat
urity
Mod
el |
11
Inte
rnal
aud
it ca
n th
en le
vera
ge th
e an
alyt
ics
and
mon
itorin
g pe
rfor
med
by
the
busi
ness
and
dat
a qu
ality
is
regu
larly
val
idat
ed. A
utom
ated
aud
iting
tech
niqu
es a
chie
ve s
ever
al a
udit
obje
ctiv
es b
ased
on
“exc
eptio
n”
audi
ting.
This
type
of a
uditi
ng is
per
form
ed o
n a
cont
inuo
us b
asis
rath
er th
an o
nly
whe
n an
aud
it is
sch
edul
ed.
Thes
e au
dit p
rogr
ams
allo
w in
tern
al a
udit
to g
ain
incr
easi
ng e
ffici
enci
es a
nd to
exp
and
audi
t cov
erag
e. Th
e au
dit
team
inte
rpre
ts, a
naly
zes,
and
cha
lleng
es th
e re
sults
of t
he a
naly
tics.
The
root
cau
se is
inve
stig
ated
thro
ugh
the
data
and
ver
ified
by
man
agem
ent t
hrou
gh in
quiry
and
the
exce
ptio
ns a
nd re
sults
are
ver
ified
by
the
busi
ness
pr
oces
s ow
ners
.
Exe
cuti
on
an
d R
epo
rtin
g a
t M
atu
rity
Lev
el
VTh
e ne
xt m
atur
ity le
vel,
whi
ch c
an b
e vi
ewed
as
the
ultim
ate
obje
ctiv
e of
inte
rnal
aud
it or
gani
zatio
ns, i
s th
e co
ntin
uous
ass
uran
ce o
f ent
erpr
ise
risk
man
agem
ent (
Mat
urity
Lev
el V
). Th
e ex
ecut
ion
and
repo
rtin
g m
etho
dolo
gy p
hase
at t
his
leve
l inc
lude
s pr
ojec
t pla
nnin
g in
whi
ch b
usin
ess
mon
itorin
g an
d au
dit’s
pro
cedu
res
rely
on
the
sam
e pr
oces
ses,
tech
nolo
gy, d
ata
and
info
rmat
ion.
The
aud
itor p
erfo
rms
proc
edur
es v
erify
ing
the
unde
rlyin
g da
ta a
naly
tics
and
repo
rtin
g ar
e al
igne
d w
ith th
e st
rate
gic
obje
ctiv
es.
The
audi
t sco
pe is
flui
d, fo
cusi
ng o
n ro
ot c
ause
ana
lysi
s an
d m
anag
emen
t’s
effe
ctiv
enes
s at
mon
itorin
g an
d re
spon
ding
to ri
sks.
Con
tinui
ng to
look
at p
roce
ss a
naly
sis
as a
n ex
ampl
e, a
t thi
s m
atur
ity le
vel,
proc
ess
anal
ysis
invo
lves
dat
a an
alyt
ics
that
are
exe
cute
d by
the
ente
rpris
e’s
syst
ems
to c
ontin
uous
ly v
erify
that
cer
tain
risk
tole
ranc
es a
re n
ot e
xcee
ded.
Th
is le
vel o
f mat
urity
is c
hara
cter
ized
by
a m
ore
expa
nsiv
e an
d co
nsis
tent
us
e of
adv
ance
d an
alyt
ics
incl
udin
g pr
edic
tive
and
pres
crip
tive
anal
ytic
s.
The
busi
ness
risk
s ar
e re
conc
iled
to th
e en
tity
leve
l key
str
ateg
ic ri
sks
on
a co
ntin
uous
bas
is. A
tech
nolo
gy-e
nabl
ed p
roce
ss a
naly
zes
inte
rnal
and
ex
tern
al q
uant
itativ
e an
d qu
alita
tive
data
suc
h as
com
petit
ive
land
scap
e in
form
atio
n, n
ew re
gula
tions
, eco
nom
ic tr
ends
, etc
., an
d de
tect
s an
y ris
ks th
at m
ay im
pede
the
achi
evem
ent o
f the
org
aniz
atio
n’s
stra
tegi
c go
als.
Dat
a tr
endi
ng in
form
atio
n fo
r cer
tain
key
pro
cess
es a
nd
cont
rols
are
ava
ilabl
e to
sen
ior l
evel
man
agem
ent a
nd e
nhan
ced
and
dyna
mic
repo
rtin
g of
resu
lts a
re a
vaila
ble
for m
anag
emen
t’s a
nd
inte
rnal
aud
it’s
revi
ew a
nd re
spon
se.
At t
his
final
mat
urity
leve
l, au
tom
ated
aud
iting
is u
sed
and
is
focu
sed
on m
anag
emen
t’s re
spon
ses
to b
usin
ess
anom
alie
s an
d tr
igge
r eve
nts.
Inte
rnal
aud
it ve
rifie
s th
e re
conc
iliat
ion
of th
e bu
sine
ss’ m
onito
ring
of p
roce
ss ri
sks
and
cont
rols
w
ith th
e en
tity’
s st
rate
gic
leve
l ris
ks o
n a
cont
inuo
us b
asis
. Se
nior
Man
agem
ent p
rovi
des
insi
ghts
to o
rgan
izat
iona
l and
pe
ople
man
agem
ent b
y in
terp
retin
g an
d an
alyz
ing
the
resu
lts.
Roo
t cau
se in
vest
igat
ions
and
reco
mm
enda
tions
focu
s on
man
agem
ent p
roce
ss im
prov
emen
ts a
nd e
xcep
tions
an
d re
sults
are
dis
cuss
ed a
nd v
erifi
ed b
y th
e bu
sine
ss
proc
ess
owne
rs.
10 |
The
Mat
urity
Mod
el
Exe
cuti
on
an
d R
epo
rtin
g a
t M
atu
rity
Lev
els
I a
nd
II
This
pha
se o
f an
inte
rnal
aud
it m
etho
dolo
gy is
focu
sed
on th
e id
entif
icat
ion
and
com
mun
icat
ion
of
findi
ngs
and
perf
orm
ance
impr
ovem
ent o
ppor
tuni
ties
usin
g fo
rmal
doc
umen
tatio
n an
d m
eetin
gs w
ith
vario
us c
onst
ituen
t gro
ups
such
as
the
audi
t com
mitt
ee, s
enio
r man
agem
ent,
pro
cess
ow
ners
, and
oth
er
stak
ehol
ders
to c
omm
unic
ate
the
resu
lts o
f the
inte
rnal
aud
it w
ork.
Thi
s dr
ives
cha
nge
that
con
trib
ute
to th
e ac
hiev
emen
t of t
he e
nter
pris
e’s
stra
tegi
c an
d bu
sine
ss o
bjec
tives
. Dur
ing
the
exec
utio
n an
d re
port
ing
phas
e, a
udito
rs ty
pica
lly re
view
fina
ncia
l sta
tem
ents
, man
agem
ent r
epor
ting,
prio
r aud
it re
port
s,
perf
orm
ance
and
risk
indi
cato
rs a
ffect
ed b
y th
e pr
oces
s to
gai
n an
und
erst
andi
ng o
f the
bus
ines
s pr
oces
s.
In tr
aditi
onal
aud
iting
(Mat
urity
Lev
el I)
, dat
a an
alyt
ics
are
gene
rally
not
util
ized
to d
rive
the
exec
utio
n of
th
e au
dit p
lan.
In M
atur
ity L
evel
II, a
d ho
c da
ta a
naly
tics
help
to id
entif
y ou
tlier
tran
sact
ions
and
focu
s au
dit
scop
e. T
he a
naly
tics
are
desc
riptiv
e in
nat
ure
and
thei
r res
ults
gui
de th
e w
alkt
hrou
gh p
roce
dure
s fo
cusi
ng
on id
entif
ied
gaps
, and
the
prio
ritiz
atio
n of
the
mea
sure
and
ana
lyze
pro
cedu
res.
Exe
cuti
on
an
d R
epo
rtin
g a
t M
atu
rity
Lev
el I
IIE
xecu
tion
and
repo
rtin
g at
the
cont
inuo
us ri
sk a
sses
smen
t and
con
tinuo
us a
uditi
ng m
atur
ity le
vel
(Mat
urity
Lev
el II
I) w
ould
incl
ude
key
busi
ness
pro
cess
es w
ith a
utom
ated
ana
lytic
s ge
nera
ted
for
the
audi
tor d
urin
g pl
anni
ng in
ord
er to
sco
pe a
nd fo
cus
audi
t eff
orts
.
As
part
of t
he e
xecu
tion
and
repo
rtin
g m
etho
dolo
gy p
hase
, int
erna
l aud
it ac
tivel
y re
view
s pe
rfor
man
ce a
nd ri
sk
indi
cato
rs, b
ench
mar
k co
mpa
rison
s an
d ex
tern
al in
form
atio
n. D
ata
is re
adily
ava
ilabl
e, a
naly
tics
are
desc
riptiv
e,
diag
nost
ic, a
nd e
ven
som
e pr
edic
tive
with
som
e an
alyt
ics
bein
g pr
e-pa
ckag
ed. T
he a
naly
tic re
sults
focu
s th
e w
alkt
hrou
gh p
roce
dure
s an
d th
e pr
iorit
izat
ion
of m
easu
re a
nd a
naly
ze p
roce
dure
s. In
tern
al a
udit
utili
zes
data
an
alyt
ics-
enab
led
audi
t pro
gram
s to
exp
and
audi
t cov
erag
e an
d im
prov
e au
ditin
g ef
ficie
ncy
and
effe
ctiv
enes
s.
Mos
t dat
a is
read
ily a
vaila
ble
to th
e au
dito
r and
is v
alid
ated
dur
ing
audi
t exe
cutio
n. R
oot c
ause
is in
vest
igat
ed
thro
ugh
the
data
and
ver
ified
by
inqu
iry. T
he d
ata
and
resu
lts a
re a
vaila
ble
and
verif
ied
by th
e bu
sine
ss
proc
ess
owne
rs.
Exe
cuti
on
an
d R
epo
rtin
g a
t M
atu
rity
Lev
el I
VIn
Mat
urity
Lev
el IV
(int
egra
ted
cont
inuo
us a
uditi
ng a
nd c
ontin
uous
mon
itorin
g), t
he b
usin
ess
proc
ess
owne
rs m
onito
r per
form
ance
and
risk
indi
cato
rs fo
r the
bus
ines
s pr
oces
ses
durin
g pr
ojec
t pla
nnin
g.
The
audi
t tea
m le
vera
ges
the
busi
ness
’ mon
itorin
g an
d pe
rfor
ms
inde
pend
ent a
naly
ses
on th
e m
onito
ring
outp
ut to
iden
tify
tren
ds a
nd p
riorit
ize
area
s to
focu
s au
dit e
ffort
s.
Inte
rnal
aud
it is
now
con
nect
ed to
the
sam
e da
ta a
nd re
port
ing
as m
anag
emen
t. In
tern
al a
udit
asse
sses
th
e da
ta q
ualit
y an
d th
e an
alyt
ics
mon
itore
d by
the
busi
ness
. Con
tinui
ng w
ith th
e pr
oces
s an
alys
is a
rea
of th
e ex
ecut
ion
and
repo
rtin
g ph
ase
as a
n ex
ampl
e, in
tern
al a
udit
perf
orm
s an
alys
es o
f the
resu
lts
from
man
agem
ent’s
mon
itorin
g pr
oces
s to
gai
n an
und
erst
andi
ng o
f how
wel
l ris
ks a
re m
onito
red
and
cont
rolle
d. S
yste
m e
vent
logs
and
pro
cess
seq
uenc
ing
are
anal
yzed
. In
addi
tion
to d
escr
iptiv
e an
d di
agno
stic
ana
lytic
s, p
redi
ctiv
e an
alyt
ics
may
be
used
mor
e ex
tens
ivel
y, p
resc
riptiv
e an
alyt
ics
may
be
intr
oduc
ed, a
nd th
e an
alyt
ics
may
be
prog
ram
med
or e
ven
auto
mat
ed. (
see
side
bar o
n pa
ge x
x)
The
anal
ytic
resu
lts g
uide
wal
kthr
ough
pro
cedu
res
and
the
prio
ritiz
atio
n of
the
mea
sure
and
an
alyz
e pr
oced
ures
.
Whi
le m
any
inte
rnal
aud
it de
part
men
ts m
ay h
ave
alre
ady
adde
d th
e us
e of
dat
a an
alyt
ics
in th
e pl
anni
ng,
scop
ing,
and
exe
cutio
n of
aud
its, m
any
have
don
e so
in a
n ad
hoc
fash
ion
– us
ing
one
or tw
o te
chni
cal
reso
urce
s fo
r one
or m
ore
isol
ated
are
as o
f aud
it fo
cus.
As
a re
sult,
thes
e in
tern
al a
udit
depa
rtm
ents
are
ju
st s
kim
min
g th
e su
rfac
e an
d ar
e un
deru
tiliz
ing
the
full
pote
ntia
l of d
ata
anal
ytic
s by
faili
ng to
radi
ate
this
po
wer
ful c
apab
ility
acr
oss
thei
r dep
artm
ents
and
thei
r aud
it un
iver
se.
Her
e lie
s th
e fu
ndam
enta
l pro
blem
. Mos
t org
aniz
atio
ns h
ave
not c
onsi
dere
d th
e us
e of
dat
a an
alyt
ics
or
cont
inuo
us a
uditi
ng in
rela
tion
to th
e de
part
men
t’s in
tern
al a
udit
met
hodo
logy
, inc
ludi
ng a
tran
sfor
mat
ion
of h
ow a
udits
are
pla
nned
, exe
cute
d, a
nd re
port
ed. F
or e
xam
ple,
mos
t int
erna
l aud
it m
etho
dolo
gies
do
not
conn
ect o
r int
egra
te th
e us
e of
dat
a an
alyt
ics
or c
ontin
uous
aud
iting
thro
ugho
ut th
e va
rious
pha
ses
of a
n au
dit c
ycle
. Hen
ce, d
ata
anal
ytic
s be
com
es m
ore
of a
bol
t-on
activ
ity, w
hich
dep
artm
ents
try
to s
usta
in b
y bu
ildin
g a
”tec
hnic
al”
capa
bilit
y, ra
ther
than
a s
trat
egic
ena
bler
inte
grat
ed in
to th
e fa
bric
of t
he a
udit
proc
ess.
By
not i
nteg
ratin
g da
ta a
naly
tics
with
in th
e in
tern
al a
udit
proc
ess
to g
uide
the
depa
rtm
ent i
n pl
anni
ng a
nd
exec
utin
g au
dits
, int
erna
l aud
it de
part
men
ts s
trug
gle
with
impl
emen
ting
the
use
of d
ata
anal
ytic
s. E
ven
if th
ey h
ave
impl
emen
ted
its u
se, t
hose
sam
e de
part
men
ts h
ave
stru
ggle
d w
ith e
xpan
ding
its
use
beyo
nd o
ne
or tw
o re
sour
ces,
bey
ond
one
or tw
o au
dit a
reas
, or b
eyon
d us
e on
an
infr
eque
nt b
asis
. Fur
ther
, whe
n its
us
e is
con
cent
rate
d w
ith o
ne o
r tw
o ke
y re
sour
ces,
and
thos
e re
sour
ces
leav
e th
e de
part
men
t, u
se o
f dat
a an
alyt
ics
freq
uent
ly s
tops
. Con
sequ
ently
, the
resu
lts g
ener
ated
from
trad
ition
al a
d ho
c an
alyt
ics
ultim
atel
y do
not
hav
e a
sign
ifica
nt im
pact
on
the
depa
rtm
ents
’ aud
it ap
proa
ch b
ecau
se o
f thi
s la
ck o
f int
egra
tion
into
th
e ov
eral
l aud
it pr
oces
s.
As
a re
sult,
ther
e co
ntin
ues
to b
e a
barr
ier i
n th
e w
ay th
at in
tern
al a
udit
depa
rtm
ents
are
leve
ragi
ng
data
ana
lytic
s, w
hich
can
be
over
com
e by
fund
amen
tally
tran
sfor
min
g th
e au
dit p
roce
ss v
ia a
new
aud
it ap
proa
ch, o
r met
hodo
logy
. A m
atur
ity p
ath
may
hel
p to
effe
ctiv
ely
initi
ate
and
adva
nce
the
use
of d
ata
anal
ytic
s an
d co
ntin
uous
aud
iting
.
By
star
ting
with
the
phas
es o
f a c
omm
on in
tern
al a
udit
met
hodo
logy
and
iden
tifyi
ng th
e ch
arac
teris
tics
at
diffe
rent
leve
ls o
f mat
urity
, an
orga
niza
tion
can
iden
tify
logi
cal i
nteg
ratio
n po
ints
for r
epea
tabl
e an
d su
stai
nabl
e da
ta a
naly
tics,
con
tinuo
us a
uditi
ng, a
nd o
ther
rela
ted
initi
ativ
es. T
he re
sult
is a
new
inte
rnal
aud
it m
etho
dolo
gy
adap
ted
to re
pres
ent d
ata
anal
ytic
s-en
able
d in
tern
al a
uditi
ng a
t eac
h ph
ase
of th
e au
dit p
roce
ss.
By
star
tin
g w
ith
th
e p
has
es o
f a c
om
mo
n
inte
rnal
au
dit
met
ho
do
logy
an
d id
enti
fyin
g
the
char
acte
rist
ics
at d
iffer
ent
leve
ls o
f m
atu
rity
, an
org
aniz
atio
n c
an id
enti
fy
log
ical
inte
gra
tio
n p
oin
ts fo
r re
pea
tab
le
and
su
stai
nab
le d
ata
anal
ytic
s, c
on
tin
uo
us
aud
itin
g, a
nd
oth
er r
elat
ed in
itia
tive
s.
4 | T
he M
atur
ity M
odel
Th
e va
lue
of i
den
tify
ing
mat
uri
ty le
vels
The
first
ste
p on
you
r tra
nsfo
rmat
ion
jour
ney
tow
ard
achi
evin
g da
ta a
naly
tics-
enab
led
audi
ting
invo
lves
id
entif
ying
you
r cur
rent
leve
l of m
atur
ity. K
now
ing
your
cur
rent
mat
urity
leve
l is
nece
ssar
y to
det
erm
ine
gaps
with
in th
e ap
proa
ch th
at n
eed
to b
e ad
dres
sed
in o
rder
to re
ach
the
desi
red
futu
re s
tate
. Not
eve
ry
orga
niza
tion
requ
ires
the
sam
e le
vel o
f mat
urity
in th
eir d
ata
anal
ytic
s or
con
tinuo
us a
uditi
ng p
roce
sses
. It
dep
ends
on
a nu
mbe
r of f
acto
rs in
clud
ing,
for e
xam
ple,
the
need
s an
d go
als
of th
e en
terp
rise,
the
ambi
tions
and
per
mis
sion
s of
the
chie
f aud
it ex
ecut
ive,
the
natu
re o
f the
ent
erpr
ise’
s bu
sine
ss, a
nd th
e re
gula
tory
env
ironm
ent i
n w
hich
the
ente
rpris
e op
erat
es n
ow a
nd in
the
futu
re.
Est
ablis
hing
whe
re y
our i
nter
nal a
udit
orga
niza
tion
stan
ds re
quire
s co
mpa
rison
with
a re
fere
nce
mat
urity
m
odel
, whi
ch in
clud
es c
lear
leve
ls o
f mat
urity
, for
eac
h ph
ase
of th
e au
dit p
roce
ss, w
ith c
onsi
dera
tion
of a
va
riety
of p
eopl
e, p
roce
ss, a
nd te
chno
logy
fact
ors.
The
pur
pose
of s
uch
a co
mpa
rison
, or g
ap a
sses
smen
t,
is to
hel
p id
entif
y th
e de
sire
d fu
ture
sta
te m
atur
ity le
vel t
hat i
s rig
ht fo
r you
r int
erna
l aud
it or
gani
zatio
n, th
e ga
ps b
etw
een
the
curr
ent a
nd fu
ture
sta
tes,
and
to e
nabl
e bu
ildin
g a
stra
tegy
to a
chie
ve th
e de
sire
d fu
ture
m
atur
ity s
tate
. Mor
eove
r, th
e m
odel
ser
ves
as a
mec
hani
sm to
mea
sure
pro
gres
s al
ong
the
way
.
KP
MG
has
dev
elop
ed th
e fo
llow
ing
refe
renc
e m
atur
ity m
odel
to il
lust
rate
the
appl
icat
ion
of d
ata
anal
ytic
s an
d th
eir r
elat
ed c
hara
cter
istic
s fo
r eac
h ph
ase
of th
e au
dit m
etho
dolo
gy a
nd h
ow th
ey m
ay v
ary
at d
iffer
ent
mat
urity
leve
ls.
The
Mat
urity
Mod
el |
9
With
in a
n in
tern
al a
udit
met
hodo
logy
, exe
cutio
n an
d re
port
ing
invo
lves
the
scop
ing
of e
ach
audi
t, c
reat
ing
and
exec
utin
g th
e au
dit s
teps
, con
duct
ing
the
busi
ness
pro
cess
ana
lysi
s, id
entif
icat
ion
of c
ontr
ol g
aps
to b
e co
nsid
ered
or e
valu
ated
, and
the
docu
men
tatio
n of
aud
it ev
iden
ce a
nd re
port
ing
of a
ny fi
ndin
gs. T
he u
se o
f an
alyt
ics-
enab
led
audi
ting
char
acte
ristic
s at
this
pha
se in
crea
ses
as y
ou m
ove
up fr
om e
ach
of th
e fiv
e m
atur
ity
leve
ls a
s sh
own
in th
e ch
art b
elow
.
Exe
cuti
on
an
d r
epo
rtin
g a
t va
rio
us
mat
uri
ty le
vels
Inte
rnal
Au
dit
D
ata
An
alyt
ics
and
Co
nti
nu
ou
s A
ud
itin
g
Mat
uri
ty M
od
elTr
adit
ion
al
Au
dit
ing
Ad
Ho
c In
teg
rate
d
An
alyt
ics
Co
nti
nu
ou
s R
isk
Ass
essm
ent
&
Co
nti
nu
ou
s A
ud
itin
g
Inte
gra
ted
C
on
tin
uo
us
Au
dit
ing
&
Co
nti
nu
ou
s M
on
ito
rin
g
Co
nti
nu
ou
s A
ssu
ran
ce
of E
nte
rpri
se
Ris
k M
anag
emen
t
Exe
cuti
on
an
d
Rep
ort
ing
• D
ata
Ana
lytic
s ar
e no
t util
ized
to
driv
e th
e ex
ecut
ion
of
the
audi
t pla
n in
trad
ition
al
audi
ting
• A
d ho
c da
ta
anal
ytic
s ar
e ut
ilize
d to
iden
tify
outly
ing
tran
sact
ions
or
to a
ssis
t in
sco
ping
th
e au
dit.
• U
se o
f an
alyt
ics
may
incl
ude
desc
riptiv
e an
d so
me
diag
nost
ic
• Ke
y bu
sine
ss
proc
esse
s ha
ve
auto
mat
ed
anal
ytic
s re
ady
for t
he a
udito
r du
ring
plan
ning
to
sco
pe
and
focu
s au
dit e
ffort
s.
• D
ata
anal
ytic
en
able
d au
dit
prog
ram
s
• U
se o
f an
alyt
ics
may
incl
ude
pres
crip
tive,
di
agno
stic
, an
d so
me
pred
ictiv
e
• A
utom
ated
A
uditi
ng
tech
niqu
es
achi
eve
seve
ral a
udit
obje
ctiv
es
base
d on
“e
xcep
tion”
au
ditin
g.
• In
tern
al A
udit
is c
onne
cted
to
the
sam
e da
ta a
nd
repo
rtin
g as
m
anag
emen
t an
d as
sess
es
the
qual
ity o
f th
e da
ta a
nd
the
anal
ytic
s m
onito
red
by
the
busi
ness
.
• Pr
edic
tive
and
pres
crip
tive
anal
ytic
s m
ay
be a
dded
to
the
desc
riptiv
e an
d di
agno
stic
• A
udit
proc
edur
es
are
desi
gned
to
ver
ify th
e un
derly
ing
data
ana
lysi
s an
d re
port
ing
of ri
sk a
t the
bu
sine
ss le
vel
to e
nsur
e th
at th
ey a
re
alig
ned
with
th
e E
nter
pris
e st
rate
gic
goal
s an
d ob
ject
ives
.
• A
utom
ated
au
ditin
g is
fo
cuse
d on
ro
ot c
ause
an
alys
is a
nd
man
agem
ent’s
re
spon
ses
to
risks
incl
udin
g bu
sine
ss
anom
alie
s an
d tr
igge
r eve
nts.
• C
onsi
sten
t use
of
ana
lytic
s in
clud
ing
desc
riptiv
e,
diag
nost
ic,
pred
ictiv
e an
d pr
escr
iptiv
e
Mat
uri
tyLe
vel I
Mat
uri
tyLe
vel I
IM
atu
rity
Leve
l III
Mat
uri
tyLe
vel I
VM
atu
rity
Leve
l V
8 | T
he M
atur
ity M
odel
Def
inin
g a
nal
ytic
cap
abili
ties
Ana
lytic
al c
apab
ilitie
s ca
n be
def
ined
and
org
aniz
ed in
to th
e fo
llow
ing
four
cat
egor
ies
of c
apab
ility
: Des
crip
tive,
D
iagn
ostic
, Pre
dict
ive
and
Pres
crip
tive.
You
will
nee
d to
man
age
the
capa
bilit
ies
as a
por
tfol
io. S
ee "A
dvan
ced
Ana
lytic
s: P
redi
ctiv
e, C
olla
bora
tive
and
Perv
asiv
e."
Des
crip
tive
an
alyt
ical
cap
abili
ties
: Des
crip
tive
anal
ysis
/mod
els
prov
ide
info
rmat
ion
abou
t the
sta
te o
f eve
nts,
tr
ends
, pat
tern
s an
d re
latio
nshi
ps in
the
exis
ting
data
and
pro
vide
the
basi
s fo
r mod
els
whi
ch m
ay b
e us
ed to
fin
d va
rianc
e to
pat
tern
s in
new
dat
a. (N
ote:
With
des
crip
tive
mod
els,
ther
e is
no
resp
onse
[dep
ende
nt] v
aria
ble
that
you
are
tryi
ng to
pre
dict
the
valu
e of
.) Th
e ty
pica
l kin
d of
ana
lytic
que
stio
n an
swer
ed is
"Wha
t hap
pene
d or
w
hat i
s ha
ppen
ing
right
now
and
how
doe
s it
rela
te to
his
toric
al p
atte
rns?
"
Dia
gn
ost
ic a
nal
ytic
al c
apab
iliti
es: T
hese
type
s of
ana
lysi
s ar
e de
velo
ped
to u
nder
stan
d th
e ca
uses
of a
n ou
tcom
e, o
ften
in th
e co
ntex
t of a
pro
cess
or r
elat
ed e
vent
s. V
ario
us te
chni
ques
and
mod
els
can
be u
sed
to a
bstr
act a
nd a
ccou
nt fo
r dep
ende
ncie
s am
ong
caus
al fa
ctor
s. Ty
pica
l kin
ds o
f ins
ight
pro
vide
by
this
sor
t of
ana
lysi
s in
clud
e an
swer
s to
the
busi
ness
que
stio
n "W
hy d
id it
hap
pen?
"
Pre
dic
tive
an
alyt
ical
cap
abili
ties
: The
se ty
pes
of a
naly
sis
are
deve
lope
d fo
r pre
dict
ing
the
valu
es o
f on
e or
mor
e re
spon
se (d
epen
dent
) var
iabl
es fr
om th
e va
lues
of p
redi
ctor
(ind
epen
dent
) var
iabl
es in
the
data
set.
Pre
dict
ive
mod
els
use
hist
oric
al d
ata
with
kno
wn
resp
onse
s to
dev
elop
(or e
stim
ate)
a m
odel
th
at c
an b
e us
ed to
pre
dict
val
ues
for n
ew d
ata.
The
se s
orts
of c
apab
ility
are
nee
ded
to s
uppo
rt
lead
ing
perf
orm
ance
mea
sure
s: e
.g.,
"Wha
t will
hap
pen?
" and
"Wha
t is
likel
y to
hap
pen?
"
Pre
scri
pti
ve a
nal
ytic
al c
apab
iliti
es: P
resc
riptiv
e m
odel
s an
d an
alys
is a
re u
sed
to d
evel
op a
co
urse
of a
ctio
n (a
dapt
atio
n) in
resp
onse
to a
n ev
ent o
r ser
ies
of e
vent
s. A
pre
scrip
tive
mod
el c
an
be u
sed
to d
efin
e an
d ar
ticul
ate
the
idea
l pro
cess
to fo
llow
to a
ddre
ss o
r res
pond
to a
n ev
ent.
G
iven
that
a c
erta
in a
ctio
n or
eve
nt h
as ta
ken
plac
e, th
e pr
escr
iptiv
e m
odel
can
be
used
to fi
nd
the
best
resp
onse
. Thi
s ki
nd o
f ana
lysi
s ca
n an
swer
bus
ines
s qu
estio
ns s
uch
as "W
hat i
s th
e re
com
men
ded
next
act
ion?
"
So
urc
e: B
est
Pra
ctic
es in
An
alyt
ics:
Inte
gra
tin
g A
nal
ytic
al C
apab
iliti
es a
nd
P
roce
ss F
low
s, G
artn
er, M
arch
201
2
The
Mat
urity
Mod
el |
5
Leve
l ILe
vel I
ILe
vel I
IILe
vel I
VLe
vel V
Inte
rnal
au
dit
dat
a an
alyt
ics
and
co
nti
nu
ou
s au
dit
ing
mat
uri
ty m
od
elA
ud
it M
eth
od
olo
gy-b
ased
Mat
uri
ty M
od
el
Usi
ng th
e m
atur
ity m
odel
to la
y th
e gr
ound
wor
k, a
n in
tern
al a
udit
orga
niza
tion
will
nee
d to
eva
luat
e its
cu
rren
t int
erna
l aud
it m
etho
dolo
gy fo
r aud
it pl
anni
ng, e
xecu
tion,
and
repo
rtin
g. T
he e
arly
pha
ses
of a
typi
cal
inte
rnal
aud
it m
etho
dolo
gy s
houl
d in
clud
e st
rate
gic
anal
ysis
and
ent
erpr
ise
risk
asse
ssm
ent.
Str
ateg
ic
anal
ysis
pro
vide
s an
initi
al u
nder
stan
ding
of a
n or
gani
zatio
n’s
busi
ness
from
a to
p-do
wn
pers
pect
ive
and
offe
rs a
fram
ewor
k to
hel
p id
entif
y or
gani
zatio
nal a
nd in
dust
ry is
sues
, str
ateg
ic o
bjec
tives
and
cha
lleng
es.
Nex
t, a
n en
terp
rise
risk
asse
ssm
ent i
s ne
cess
ary
to g
ain
insi
ght i
nto
the
risks
that
may
thre
aten
a c
ompa
ny’s
ac
hiev
emen
t of b
usin
ess
and
stra
tegi
c ob
ject
ives
.
For i
llust
rativ
e pu
rpos
es, w
e ar
e fo
cusi
ng th
e fo
llow
ing
page
s on
two
sele
ct p
hase
s of
the
inte
rnal
aud
it m
etho
dolo
gy –
inte
rnal
aud
it pl
an d
evel
opm
ent a
nd e
xecu
tion
and
repo
rtin
g –
to h
ighl
ight
the
appl
icat
ion
of,
and
char
acte
ristic
s re
latin
g to
the
inte
grat
ion
of, d
ata
anal
ytic
s w
ithin
the
refe
renc
e m
atur
ity m
odel
.
Mat
uri
ty L
evel
s
IAM
eth
od
olo
gyTr
adit
ion
al
Au
dit
ing
Ad
Ho
c In
teg
rate
d
An
alyt
ics
Co
nti
nu
ou
s R
isk
Ass
essm
ent
&
Co
nti
nu
ou
s A
ud
itin
g
Inte
grat
ed
Con
tinu
ous
Aud
itin
g &
C
onti
nuou
s M
onit
orin
g
Co
nti
nu
ou
s A
ssu
ran
ce
of E
nte
rpri
se
Ris
k M
anag
emen
t
Str
ateg
ic
An
alys
is
En
terp
rise
Ris
k A
sses
smen
t
Inte
rnal
A
ud
it P
lan
D
evel
op
men
t
Exe
cuti
on
an
d
Rep
ort
ing
Co
nti
nu
ou
s Im
pro
vem
ent
Typ
es o
f Dat
a A
nal
ytic
s A
pp
licab
leD
escr
iptiv
eD
escr
iptiv
e,
Dia
gnos
tic
Des
crip
tive,
D
iagn
ostic
, Pr
edic
tive
Des
crip
tive,
D
iagn
ostic
, Pr
edic
tive,
Pr
escr
iptiv
e
Des
crip
tive,
D
iagn
ostic
, Pr
edic
tive,
Pr
escr
iptiv
e
Dat
a A
naly
tics
are
gene
rally
not
use
dD
ata
Ana
lytic
s ar
e pa
rtia
lly u
sed
but
are
sub-
optim
ized
Dat
a A
naly
tics
are
effe
ctiv
ely
and
cons
iste
ntly
use
d (o
ptim
ized
)
Man
y or
gani
zatio
ns h
ave
an in
tere
st in
exp
andi
ng d
ata
anal
ytic
s an
d m
ovin
g be
yond
the
trad
ition
al a
uditi
ng p
roce
ss to
war
d re
peat
able
and
su
stai
nabl
e da
ta a
naly
tics-
enab
led
audi
ting,
qua
ntita
tive-
base
d co
ntin
uous
risk
ass
essm
ent f
or d
ynam
ic a
udit
plan
ning
and
con
tinuo
us
audi
ting.
Oth
ers
may
see
k ad
ditio
nal v
alue
thro
ugh
the
inte
grat
ion
of c
ontin
uous
aud
iting
and
con
tinuo
us m
onito
ring
func
tions
. And
the
truly
am
bitio
us w
ill g
o fu
rthe
r and
see
k to
ach
ieve
full
mat
urity
to a
chie
ve th
e co
ntin
uous
ass
uran
ce o
f ent
erpr
ise
risk
man
agem
ent.
The
auth
ors
do n
ot m
ean
to s
ugge
st th
at C
A n
eeds
to b
e in
pla
ce b
efor
e or
in o
rder
for C
M to
be
in p
lace
. CM
can
be
impl
emen
ted
by
man
agem
ent i
ndep
ende
nt o
f int
erna
l aud
it. H
owev
er, i
f bot
h C
A a
nd C
M a
re in
pla
ce, t
hey
shou
ld b
e in
tegr
ated
– w
hich
is th
e fo
cus
of
Mat
urity
Lev
el IV
.
6 | T
he M
atur
ity M
odel
Inte
rnal
au
dit
pla
n d
evel
op
men
t at
va
rio
us
mat
uri
ty le
vels
Inte
rnal
aud
it pl
an d
evel
opm
ent s
houl
d be
bas
ed o
n th
e pr
iorit
izat
ion
of th
e ris
ks id
entif
ied
durin
g th
e en
terp
rise
risk
asse
ssm
ent p
hase
of a
n au
dit m
etho
dolo
gy. I
nter
nal a
udit
plan
dev
elop
men
t inv
olve
s de
finin
g th
e op
erat
iona
l, fin
anci
al a
nd s
trat
egic
risk
s th
at n
eed
to b
e ad
dres
sed
thro
ugh
the
exec
utio
n of
the
inte
rnal
aud
it pl
an, i
nclu
ding
the
appr
oxim
ate
reso
urce
s ne
cess
ary
to a
ccom
plis
h th
e sc
ope,
and
pro
vide
s a
basi
s fo
r an
orga
niza
tion
to m
onito
r pro
gres
s an
d pe
rfor
man
ce. T
he u
se o
f ana
lytic
s-en
able
d au
ditin
g ch
arac
teris
tics
at th
is p
hase
incr
ease
s as
you
mov
e fr
om a
ver
y ba
sic
leve
l of m
atur
ity (M
atur
ity L
evel
I)
thro
ugh
to a
ver
y m
atur
e le
vel (
Mat
urity
Lev
el V
) as
repr
esen
ted
in th
e ch
art b
elow
.
Inte
rnal
A
ud
it D
ata
An
alyt
ics
and
C
on
tin
uo
us
Au
dit
ing
M
atu
rity
M
od
elTr
adit
ion
al
Au
dit
ing
Ad
Ho
c In
teg
rate
d
An
alyt
ics
Co
nti
nu
ou
s R
isk
Ass
essm
ent
&
Co
nti
nu
ou
s A
ud
itin
g
Inte
gra
ted
C
on
tin
uo
us
Au
dit
ing
&
Co
nti
nu
ou
s M
on
ito
rin
g
Co
nti
nu
ou
s A
ssu
ran
ce o
f E
nte
rpri
se R
isk
Man
agem
ent
Inte
rnal
A
ud
it P
lan
D
evel
op
men
t
• Li
mite
d us
e of
des
crip
tive
data
ana
lytic
s
• U
se o
f m
anag
emen
t re
port
ing
unde
rlyin
g da
ta to
pe
rform
bro
ad
desc
riptiv
e da
ta
anal
ytic
s (i.
e.
benc
hmar
king
)
• U
se o
f an
alyt
ics
may
incl
ude
desc
riptiv
e an
d so
me
diag
nost
ic
• A
pre
defin
ed
set o
f ana
lytic
s is
est
ablis
hed
to id
entif
y an
d pr
iorit
ize
risk
• A
utom
ated
ex
trac
t,
tran
sfor
m,
and
load
(ETL
), an
alyt
ics
and
repo
rtin
g
• U
se o
f an
alyt
ics
may
incl
ude
pres
crip
tive,
di
agno
stic
, an
d so
me
pred
ictiv
e
• M
anag
emen
t sy
stem
s ar
e le
vera
ged
to e
nabl
e co
ntin
uous
as
sess
men
t and
pr
iorit
izat
ion
of
busi
ness
risk
s
• Sy
stem
ge
nera
ted
anal
ytic
s an
d da
shbo
ards
ar
e m
onito
red
by th
e bu
sine
ss
agai
nst
spec
ified
ris
k cr
iteria
• Pr
edic
tive
and
pres
crip
tive
anal
ytic
s m
ay
be a
dded
to
the
desc
riptiv
e an
d di
agno
stic
• Th
e E
nter
pris
es’
stra
tegi
c go
al
and
obje
ctiv
es
are
alig
ned
with
risk
m
anag
emen
t pr
actic
es
• S
trat
egic
ob
ject
ives
and
ris
ks to
thos
e ob
ject
ives
are
m
onito
red
and
prio
ritiz
ed o
n a
cont
inuo
us
basi
s
• IA
Pla
n is
dy
nam
ic a
nd
able
to re
act t
o ch
ange
s in
the
busi
ness
• C
onsi
sten
t use
of
ana
lytic
s in
clud
ing
desc
riptiv
e,
diag
nost
ic,
pred
ictiv
e an
d pr
escr
iptiv
e
Mat
uri
tyLe
vel V
Mat
uri
tyLe
vel I
VM
atu
rity
Leve
l III
Mat
uri
tyLe
vel I
IM
atu
rity
Leve
l I
The
Mat
urity
Mod
el |
7
Inte
rnal
Au
dit
Pla
n D
evel
op
men
t at
Mat
uri
ty L
evel
s I
an
d
IIIn
trad
ition
al in
tern
al a
udit
met
hodo
logi
es (M
atur
ity L
evel
I), d
ata
anal
ytic
s ar
e no
t typ
ical
ly u
tiliz
ed to
de
velo
p th
e au
dit p
lan.
At t
he n
ext m
atur
ity le
vel o
f ad
hoc
anal
ytic
s (M
atur
ity L
evel
II),
inte
rnal
aud
it m
ay
use
som
e hi
gh le
vel q
uant
itativ
e m
easu
res,
suc
h as
fina
ncia
l sta
tem
ent t
rend
s an
d in
dust
ry b
ench
mar
king
, in
con
junc
tion
with
the
trad
ition
al q
ualit
ativ
e ap
proa
ch. T
he q
uant
itativ
e m
easu
res
are
utili
zed
to c
onfir
m a
nd
valid
ate
the
risks
and
are
as o
f foc
us id
entif
ied
durin
g th
e qu
alita
tive/
trad
ition
al p
lann
ing
proc
ess.
Thi
s ty
pe o
f id
entif
icat
ion
and
prio
ritiz
atio
n ty
pica
lly o
ccur
s on
an
annu
al b
asis
.
Inte
rnal
Au
dit
Pla
n D
evel
op
men
t at
Mat
uri
ty L
evel
III
Dur
ing
the
third
mat
urity
leve
l of c
ontin
uous
risk
ass
essm
ent a
nd c
ontin
uous
aud
iting
(Mat
urity
Lev
el II
I), in
tern
al
audi
t mon
itors
a n
umbe
r of q
uant
itativ
e m
easu
res
that
pro
vide
insi
ghts
to c
hang
es in
the
busi
ness
, con
trol
w
eakn
esse
s an
d bu
sine
ss p
erfo
rman
ce. T
he q
uant
itativ
e an
d qu
alita
tive
mea
sure
s ar
e al
igne
d w
ith p
riorit
y bu
sine
ss ri
sks
and
inte
rnal
aud
it ev
alua
tes
thes
e qu
antit
ativ
e an
d qu
alita
tive
mea
sure
s re
gula
rly th
roug
hout
th
e ye
ar o
n a
quar
terly
or m
onth
ly b
asis
. Bus
ines
s ris
ks a
nd a
udit
area
s ar
e re
-prio
ritiz
ed in
acc
orda
nce
with
the
busi
ness
risk
pro
file.
In a
dditi
on, t
he a
ssur
ance
of r
isk
appe
tite2 a
nd c
over
age
is fu
rthe
r ref
ined
and
enh
ance
d us
ing
data
ana
lytic
s. Th
e ty
pes
of a
naly
tics
used
may
incl
ude
desc
riptiv
e, d
iagn
ostic
and
eve
n so
me
pred
ictiv
e.
The
anal
ytic
s ut
ilize
d id
entif
y ris
ks th
at a
re o
utsi
de o
f est
ablis
hed
risk
appe
tite
para
met
ers
and
the
anal
ysis
is
per
form
ed m
ore
freq
uent
ly a
t det
erm
ined
tim
e in
terv
als.
At t
his
third
mat
urity
leve
l, ev
olvi
ng e
vent
s in
the
regu
lato
ry a
nd ri
sk e
nviro
nmen
t are
con
side
red
near
real
tim
e fo
r im
pact
to th
e bu
sine
ss a
nd fo
r bus
ines
s re
spon
se to
the
chan
ge in
the
envi
ronm
ent.
Inte
rnal
Au
dit
Pla
n D
evel
op
men
t at
Mat
uri
ty L
evel
IV
The
next
mat
urity
leve
l to
cons
ider
is c
ontin
uous
aud
iting
and
con
tinuo
us m
onito
ring
(Mat
urity
Lev
el IV
). A
t thi
s fo
urth
mat
urity
leve
l, pr
ojec
t pla
nnin
g du
ring
inte
rnal
pla
n de
velo
pmen
t inv
olve
s m
any
key
busi
ness
pr
oces
ses
that
leve
rage
bus
ines
s in
telli
genc
e an
d co
ntin
uous
mon
itorin
g te
chni
ques
to e
valu
ate
busi
ness
ris
k an
d fin
anci
al a
nd o
pera
tiona
l res
ults
. Ana
lytic
s in
clud
e bo
th in
tern
al a
nd e
xter
nal d
ata
and
resu
lts a
re
benc
hmar
ked
agai
nst l
eadi
ng p
ract
ices
. Int
erna
l aud
it le
vera
ges
the
busi
ness
’ con
tinuo
us m
onito
ring
proc
ess
and
outp
ut to
iden
tify
audi
t trig
ger e
vent
s an
d re
-prio
ritiz
e ris
ks a
t app
ropr
iate
inte
rval
s (e
.g.,
mon
thly
, qua
rter
ly,
etc.
). Th
e as
sura
nce
of ri
sk a
ppet
ite a
nd c
over
age
is fu
rthe
r ref
ined
and
enh
ance
d us
ing
data
ana
lytic
s.
Pred
ictiv
e an
alyt
ics
may
be
used
mor
e ex
tens
ivel
y an
d pr
escr
iptiv
e an
alyt
ics
may
be
intr
oduc
ed. D
ata
anal
ytic
s ar
e sy
stem
gen
erat
ed fr
om w
ithin
the
busi
ness
uni
ts to
ena
ble
audi
ts to
be
adde
d, a
ccel
erat
ed, d
ropp
ed,
or d
efer
red
(i.e.
, dyn
amic
aud
it pl
anni
ng).
Aud
it pl
ans
are
dyna
mic
ally
cre
ated
usi
ng a
num
ber o
f var
iabl
es,
incl
udin
g ke
y pe
rfor
man
ce in
dica
tors
(KPI
s), k
ey ri
sk in
dica
tors
(KR
Is),
and
hist
oric
al re
sults
prio
r aud
its.
Inte
rnal
Au
dit
Pla
n D
evel
op
men
t at
Mat
uri
ty L
evel
V
In th
e ul
timat
e m
atur
ity le
vel o
f con
tinuo
us a
ssur
ance
of e
nter
pris
e ris
k m
anag
emen
t (M
atur
ity L
evel
V),
inte
rnal
aud
it pl
an d
evel
opm
ent w
ould
invo
lve
the
mon
itorin
g of
an
ente
rpris
e’s
stra
tegi
c an
d bu
sine
ss p
roce
ss
risks
usi
ng b
usin
ess
inte
llige
nce
and
cont
inuo
us m
onito
ring
tech
niqu
es. T
he ri
sks
and
perf
orm
ance
indi
cato
rs
are
cont
inuo
usly
reco
ncile
d to
an
ente
rpris
e’s
stra
tegi
c bu
sine
ss o
bjec
tives
. The
str
ateg
ic ri
sk fa
ctor
s in
clud
e bo
th in
tern
al a
nd e
xter
nal f
acto
rs th
at m
ay in
hibi
t the
ach
ieve
men
t of t
he s
trat
egy
and
the
anal
ysis
of t
he
chan
ges
in ri
sk d
rives
the
prio
ritiz
atio
n of
aud
it ar
eas
on a
con
tinuo
us b
asis
at p
rede
term
ined
inte
rval
s (e
.g.,
daily
, wee
kly,
mon
thly
, etc
.). T
his
leve
l of m
atur
ity is
cha
ract
eriz
ed b
y a
mor
e ex
pans
ive
and
cons
iste
nt
use
of a
dvan
ced
anal
ytic
s in
clud
ing
pred
ictiv
e an
d pr
escr
iptiv
e an
alyt
ics.
2 R
isk
appe
tite
is g
ener
ally
rega
rded
as
the
amou
nt o
f ris
k th
at a
com
pany
is w
illin
g to
ass
ume
over
a p
erio
d of
tim
e an
d in
the
purs
uit o
f its
m
issi
on, T
urni
ng R
isk
into
Adv
anta
ge: A
Cas
e S
tudy
, KP
MG
LLP
(201
1)
