Over the span of 16 weeks, the team developed a custom model using Python, an open-source computing language, to scope the audit in a more data-driven and risk-based way—ultimately proving that data science can enhance the audit scoping process. After RSM completed the proof of concept, the client engaged the team to increase the depth of information accessible to the model by incorporating additional data sources like consumer complaints, regulatory standards, and application risk assessments. The resulting solution is usable not only by internal audit but also by other risk owners such as compliance specialists.
“There were a number of positive outcomes of the process, including faster planning, a focus on the ‘right’ risks and controls, leveraging ‘dark data,’ and increased machine-learning accessibility and literacy,” says Michael Apmann, national leader for RSM’s financial services risk technology practice. “We also started to see collaboration across the lines of defense to share models, ideas, and data.”
Internal auditors face real challenges in scoping and designing an audit, often wading through large volumes of data to fine-tune their focus, particularly in complex cases. While planning is important, the time spent on this initial step can sometimes impede performance of the audit itself—and for the sake of expedience, audit departments frequently fall back on results of prior years’ audits without assessing the organization’s current risk profile.
Audit departments across the globe are increasingly harnessing technology to streamline and improve this complex and often subjective process. Doing so is especially crucial for banks subject to rigorous regulatory and compliance standards and/or that have integrated internal audit teams with specialized subsectors like compliance and technology. Aligning opinions and independent risk evaluations within an integrated audit team is a frequent challenge. An intelligent automation solution serves as a truly objective third party that can use data to facilitate conversation and consensus quickly and consistently.
The solution RSM’s team developed for this client uses data from control self-assessments, issues, consumer complaints and regulatory standards to help quantify risk within the organization’s processes and controls and enable faster more agile decision-making. But the solution wasn’t just about tapping into data; the use of documentation of team members’ daily process flows enabled the identification of gaps, pain points, and inconsistencies in how risk is quantified during the audit planning process.
RSM’s collaborative approach was another factor that increased agility for the client down the line. The firm used an Agile methodology to facilitate the audit planning project—an approach so effective that the bank’s internal audit department sought to apply it to the audit function itself.
The solution RSM helped the bank implement was developed in conjunction with a scheduled audit of retail credit card lending, but can be applied to risk across other aspects of the business. Through its project experience with other big banks, the RSM team understood that to optimize value, the solution would need to be scalable across other business lines, like mortgages and loans.
“We don’t have a tool that can just be used by one specific group,” says Louis Castagliola, a data analytics manager at RSM. “It can be leveraged across other functions in the bank.”