Apply Data Analytics To Identify Anomalies
Help Questions
CPA Information Systems and Controls (ISC) › Apply Data Analytics To Identify Anomalies
An auditor uses data analytics to examine all vendor payments in a period and identifies several payments made on weekends to vendors with no prior transaction history. This technique is best described as:
Data visualization to present payment trends to management.
Regression analysis to predict future payment trends.
Data normalization to prepare data for statistical analysis.
Anomaly detection to identify transactions that deviate from expected patterns.
Explanation
Identifying payments that deviate from expected patterns (weekend timing, unknown vendors) is anomaly detection - a core data analytics technique used in auditing and fraud examination. Answer C is correct. Regression analysis (A) predicts relationships between variables. Data normalization (B) is a data preparation step. Visualization (D) presents findings but does not perform the detection.
A company's internal auditor runs a Benford's Law analysis on expense reimbursement data. The analysis reveals that the digit '5' appears as the leading digit far more frequently than expected. This finding most likely suggests:
Employees are rounding expenses to the nearest dollar.
Employees may be fabricating or manipulating expense amounts, potentially clustering just below a review threshold.
The expense system contains data entry errors from incorrect date fields.
The expense data is accurate and normally distributed.
Explanation
Benford's Law predicts the natural frequency of leading digits in large numeric datasets. A spike in '5' as the leading digit often signals amounts clustered just below a common approval threshold (e.g., $500 or $5,000), a red flag for fraud. Answer B is correct. Accurate data (A) would conform to expected Benford's distribution. Date errors (C) would not create a leading-digit pattern in amounts. Rounding (D) affects trailing digits, not leading digits systematically.
Which of the following data analytics tools is most commonly used by auditors to extract, transform, and analyze large volumes of structured data from accounting and ERP systems?
Audit command language (ACL) / Galvanize or IDEA (Interactive Data Extraction and Analysis).
Python scripts for unstructured web data scraping.
Database normalization tools for schema design.
Business intelligence dashboards for executive reporting.
Explanation
ACL (now Galvanize) and IDEA are purpose-built audit data analytics tools designed to extract, manipulate, and analyze structured financial data from ERP and accounting systems. Answer A is correct. Python web scraping (B) targets unstructured external data. BI dashboards (C) are reporting tools, not audit analytics platforms. Database normalization tools (D) are for schema design, not analysis.
Which of the following statements best describes a 'continuous auditing' approach using data analytics?
An automated process that analyzes transactions on an ongoing basis and generates alerts when anomalies or exceptions are detected.
A method of preparing financial statements using real-time accounting data.
An approach in which auditors perform manual testing of controls on a sample basis.
An audit conducted once per year using a complete population of transactions.
Explanation
Continuous auditing leverages automated analytics to monitor the full population of transactions on an ongoing basis, flagging exceptions for immediate investigation rather than waiting for periodic audits. Answer C is correct. Annual full-population testing (A) is traditional auditing. Manual sampling (B) is also traditional. Real-time financial reporting (D) is a financial reporting concept, not continuous auditing.
A company's purchasing analytics system flags all purchase orders where the order amount is just below the manager approval threshold of $10,000. This type of control is designed to detect which type of fraudulent activity?
Purchase order splitting - breaking a large purchase into smaller amounts to avoid authorization controls.
Vendor master file manipulation to add fictitious vendors.
Unauthorized changes to inventory quantities in the ERP system.
Duplicate payments to legitimate vendors.
Explanation
Flagging transactions just below approval thresholds detects 'splitting' - deliberately structuring purchases in amounts below authorization limits to circumvent controls. Answer A is correct. Vendor master manipulation (B) involves changes to vendor data. Duplicate payments (C) are detected by matching, not threshold analysis. Inventory quantity changes (D) are unrelated to purchase order amounts.
An auditor performs a gap analysis on a sequence of pre-numbered sales invoices. The purpose of this analysis is to:
Calculate the statistical distribution of invoice amounts across customers.
Detect duplicate invoice numbers that have been used more than once.
Identify invoices with amounts that deviate from the average transaction value.
Identify missing invoice numbers that may indicate unrecorded sales transactions.
Explanation
A gap analysis on pre-numbered documents identifies breaks in the numeric sequence, which may indicate missing or suppressed transactions - a key completeness test in auditing. Answer C is correct. Deviation from average amounts (A) is an exception test. Duplicate detection (B) is a separate test. Statistical distribution (D) is a different analytical procedure.
Which of the following best describes the use of 'data profiling' as a precursor to audit analytics?
Examining the structure, content, and quality of a dataset to understand its characteristics and identify potential data issues before analysis.
Encrypting sensitive data fields before analysis to protect privacy.
Visualizing data in charts to present findings to audit committees.
Applying statistical models to predict future transaction patterns.
Explanation
Data profiling involves understanding the dataset - its completeness, format consistency, range of values, null fields, and other characteristics - before running analytics, ensuring the analysis will produce reliable results. Answer C is correct. Predictive modeling (A) is a subsequent analytics step. Visualization (B) presents results. Encryption (D) is a data security measure.
A company implements an automated three-way match control in its accounts payable system. Which type of anomaly does this control primarily prevent?
Duplicate employee records in the HR system.
Payment of invoices that do not have a matching purchase order and goods receipt.
Journal entries posted to incorrect general ledger accounts.
Unauthorized changes to the vendor master file.
Explanation
A three-way match control compares the purchase order, goods receipt, and vendor invoice to ensure all three agree before payment is processed, preventing payment for goods not ordered or not received. Answer D is correct. Duplicate HR records (A) are unrelated. Vendor master changes (B) require access controls. GL coding errors (C) are addressed by coding controls, not three-way match.
Which of the following describes a 'false positive' in the context of audit data analytics anomaly detection?
A data quality issue that corrupts the results of the analysis.
A genuine anomaly that was missed by the analytics procedure.
A transaction flagged as an anomaly by the analytics that, upon investigation, turns out to be a legitimate transaction.
An analytics procedure that produces incorrect calculations due to a programming error.
Explanation
A false positive occurs when the analytics flags a transaction that appears anomalous but is actually legitimate. Managing false positives is important to avoid wasting investigative resources. Answer B is correct. A missed genuine anomaly (A) is a false negative. Programming errors (C) are data analytics integrity issues. Data corruption (D) is a data quality issue.
Under audit standards, when data analytics identifies a high volume of exceptions requiring follow-up, the auditor should:
Immediately report all exceptions to law enforcement as potential fraud.
Dismiss all exceptions as false positives and rely on management's representations.
Expand the sample size to include more transactions in the analysis.
Apply professional judgment to prioritize the highest-risk exceptions and perform targeted investigation, documenting conclusions for each.
Explanation
When analytics produces many exceptions, the auditor applies professional judgment to prioritize those most likely to represent significant issues, investigates them, and documents the conclusions. Answer A is correct. Not all exceptions are fraud (B). Dismissing all exceptions (C) violates auditing standards. Expanding the sample (D) is irrelevant when full population analytics is already being used.