Audit Defense

Companies put lot of effort, money and time to mange information, which includes financial transactions, documents, sensitive information etc. Regulations and laws force companies to follow accounting and other standards to manage and file information in standard reports like financial statements etc. If there are discrepancies then legal authorities request audit to make sure there is no fraud, mis-representation etc.

In a company following teams look at enterprise data to make sure information and controls are adequate and represented correctly.

  • Internal auditors & specialists
  • Risk management team
  • Internal controls team
  • Compliance team
  • Quality Inspectors
  • Fraud investigators
  • External auditors
  • Regulators


Audit is a process which provides assurance that management has presented a ‘true and fair’ view of a company’s financial performance and position. Audit process typically assess a given area and express opinion whether it is presented accurately. There are following types of audits:

  • Internal controls
  • Compliance
  • Financial statements

Audit is a costly and lengthy process, which diverts company's resources, damages reputation, invokes legal action etc. To avoid audit companies setup strict business and ethical policies and insure proper internal controls are in place. Companies setup appropriate data access, risk management, communication and monitoring strategies.

Audit Steps

  • Plan - Plan audit team, gather requirements and lay out execution steps
  • Assess Risk - Understand company's industry, environment and what risks could lead to issues
  • Setup Strategy - Audit team develops a plan to perform audit, which includes testing approach of reported statements, internal controls etc.
  • Collect information - Gather information from companies books and other records, trace from where reported amounts came from, reconcile to reported financial statements etc. Understand assumptions and adjustments.
  • Perform testing & evaluation - Check if controls are adequate, financial statements are accurate, calculations are right, all transactions are included and reported correctly.

Insight Lake Audit Defense Solution

Solution enables companies to leverage Big Data to store information like financial transactions, documents from various systems at central repository, allow easy and fast exploration, find gaps, reconcile and automate the process. It allows easy UI for audit, risk and compliance team to perform their tasks easily.

Three Lines of Defense Model

Audit defense solution follows three lines of defense model to enable internal audit, risk, compliance, control and management teams to make sure there are no gaps and in-consistencies.

Data Analysis & Risk Identification

Audit defense solution enables stakeholders to explore large amount of data from central repository. Data analysis provides insight to detect fraud, issues, risks and other compliance errors.

Internal Audit Testing

Auditors look extensively at company's assets, processes and systems and perform following testing.

  • Auditors inspect all assets physical (property, plant) or data assets
  • Look at system access, who is allowed to access and make changes
  • Trace reported amounts and understand from where they came
  • Explore financial transactions and balances
  • Look at vendors both buyers and suppliers
  • Look at calculations and reconcile reported amounts to source/ledger.

Audit Defense solution allows internal audit teams to explore and conduct testing easily with an interactive UI.

Explore data

Explore data sets easily using an intuitive data explorer.

Explorer also provides features like highlighting rows/cells, adding tags and notes, which could be used for capturing additional information about data at cell level.

Audit Dashboard

Audit defense solution provides dashboard for internal audit and risk teams to see the following:

  • Audit alerts
  • Access gaps
  • Calculation issues
  • Reconciliation reports and trend
  • Quality issues
  • Governance gaps

Data Reconciliation

Data Reconciliation feature enables comparison of two data sets, which results in matching and non matching records. Data reconciliation can be done at various places, for example:

1 Source to target matching - In a data pipeline end step could be provisioned to check if target data store reflects all the source records. If records match that means data pipeline has properly processed all the records, otherwise something went wrong during the process.

2 Matching records from different data sources - Data validation/reconciliation can be done between two data sources, which could be built by separate data pipelines.

Data reconciliation can be automated to run at pre defined period to check the data consistency.

Drill down feature allows checkin what parent table records were used in formation of subject table's mismatched record. This helps in finding the gaps easily.

Data Adjustment

Data adjustment feature allows exploration of manually adjusted data sets before reporting. It also captures audit information like who changed, when, what changed, why change was done and who approved the change.

Data Lineage

Lineage feature allows visual tracing of data sets with clear business friendly data definitions.

Automation & Continuous monitoring

Audit process is costly and time consuming, when companies are large with complex hierarchies it becomes even more necessary to employ automated checks to avoid gaps.

Audit, compliance and risk teams explore enterprise data sets/systems to find gaps and inconsistencies. Building a central repository on Hadoop/Big Data enables them to automate these processes to generate alerts, reports on periodic basis. These reports and dashboards can be shared with executive management, internal or external audit teams or regulators.

Audit Defense solution allows automation of audit process steps like:

  • Discovery of system access and identification of gaps
  • Validation of calculations
  • Reconciliation of data stores for reporting to source data sets
  • Creation of audit risk profiles and business rules to generate periodic audit reports, which gets emailed.