Conducting Remote Audits Using Integrated Information Analysis Systems
by Mikhail Petrov, Director, Digital Transformation Department, Accounts Chamber of the Russian Federation; Ksenia Kostash, Head of Division, Digital Transformation Department, Accounts Chamber of the Russian Federation; and Aleksandr Chistoborodov, Deputy Director, Federal Center of Informatization, Accounts Chamber of the Russian Federation
The Accounts Chamber of the Russian Federation (Accounts Chamber), Russia’s Supreme Audit Institution (SAI), recently began using an Information Analysis System (IAS) integrated with government databases in an effort to conduct remote audits. The SAI’s experience demonstrates benefits of such an approach and identifies implementation requirements.
As government organizations increasingly use information technologies to achieve goals, audit agencies may consider remote audits as an alternative to traditional on-site audits.
Several factors aid audit agencies in conducting remote audits, including computerization along with database access that is easier and more secure. However, remote audits may not always be feasible, particularly considering remote access to classified information.
If a remote audit is possible, the IAS provides numerous advantages, including the ability to more efficiently use resources by reducing the number of on-site inspections (or eliminating the need for them altogether). Employing an IAS offers several advantages, including full continuous database access; quick information searches; reduced time in receiving requested information; elimination of paper documentation; efficient resource use; and enhanced data analysis and reporting preparation.
Developing an Information Analysis System
In 2015, the Accounts Chamber developed and introduced the IAS to conduct remote audits based on 2013 federal law giving the SAI a mandate to directly access auditee information systems.
Since the IAS launch, the Accounts Chamber has enhanced the system’s functionality to provide direct data access from more than 130 information systems in more than 30 state agencies, including the Federal Treasury, Ministry of Finance, and Ministry of Digital Development, Communications and Mass Media.
The IAS, with its intuitive interface, allows remote auditors to quickly target and access comprehensive and reliable information, even during the early stages of the audit process. The system streamlines the process through the ability to view and analyze data and prepare reports. Auditors use IAS tools to analyze text to help identify procedural violations and attempted concealment in the public procurement process. With the help of this method, the Accounts Chamber detected more than 650 violations (10 percent of the total number of violations identified that year) in 2017.
Statistical analyses of large datasets also facilitates a risk-based approach to planning. By analyzing the number of violations committed by auditees, as well as the amount of funds allocated to them, auditors can identify entities most at risk of committing violations and then adjust audit focus accordingly.
Information Analysis Systems to Conduct Effective Remote Audits
The Accounts Chamber has found that effective remote audits require an appropriate legal framework, technical measures and system integration:
Legal Framework. There must be an established legal framework that (1) regulates procedures for conducting remote audits using information systems and (2) grants audit agencies the right to:
- Access audited entity databases at any time;
- Request detailed information on data related to the activities under consideration;
- Make data-related recommendations (both content and organization); and
- Request data be provided in certain formats.
Technical Measures. When conducting remote audits, it is recommended audit agencies:
- Use Internet security software when remotely accessing data;
- Ensure receipt of complete data from information systems of auditees; and
- Have the capacity to process and compare data in different formats.
Integrated Information Analysis System. When collecting audit data remotely, audit agencies can access different data sources, such as internal databases of audited entities; systems that aggregate and analyze data collected from different sources; and websites and publications available on the Internet. Accessing data from these sources requires an IAS equipped with a search engine to facilitate data search and sorting. To facilitate analysis, auditors can store the data in digital warehouses, which further enables criteria-based data searches, including source and time period.
Regularly updating relevant information is essential, and audit agencies can do so by:
- Tracking legal changes related to data content and format;
- Monitoring planned changes in information systems that could impact interfacing with the audit agency’s IAS;
- Comparing the data received from different information systems to identify any irregularities to which auditors should pay attention; and
- Monitoring types of data analysis carried out within information systems for possible IAS incorporation.
As a data collection tool, the IAS is a single-platform source of analytical data that can be used to build data marts, aggregate data and provide prompt analysis and monitoring of various indicators contained in external information systems. Collecting information onto one platform and providing modern data analysis tools, remote audits can lead to additional cost reductions. Currently, more than 500 state organizations in Russia are connected to the automated information collection tool.
To implement this approach, the Accounts Chamber also aims to develop an automated “Digital Inspector” workplace designed to work with consolidated qualitative information on auditees in “single window” mode. A single entry point platform based on digitally stored data, Digital Inspector will also provide powerful risk-oriented analytical models and visual tools.
The Account Chamber’s successful implementation of remote audits using an IAS suggests audit agencies in other countries may benefit from a similar approach. While it is important to continue improving remote audit methods and technologies, it is equally important to standardize remote audit approaches locally, regionally and internationally.
Access interactive article here.