When performing data analytics, the process typically follows a structured approach. Once the internal auditor has determined the expected value from the review, the next logical step is to obtain the data. Without acquiring the necessary datasets, further actions such as normalization, risk identification, and analysis cannot be effectively carried out.
(A) Incorrect – Normalize the data.
Normalization is a preprocessing step that occurs after data has been obtained.
Before normalizing, the auditor must first access and collect relevant data sources.
(B) Correct – Obtain the data.
Data acquisition is a critical step in data analytics.
The auditor must gather relevant and reliable data from internal and external sources before proceeding with further steps such as cleansing, normalization, and analysis.
(C) Incorrect – Identify the risks.
Risk identification is an essential part of the audit process but typically comes after obtaining and reviewing data patterns.
Without data, identifying risks would be speculative rather than evidence-based.
(D) Incorrect – Analyze the data.
Data analysis comes after obtaining, cleaning, and structuring the data.
Jumping straight to analysis without ensuring data quality would lead to inaccurate conclusions.
IIA’s GTAG (Global Technology Audit Guide) – Data Analytics
Recommends obtaining data as the initial step in data-driven audits.
IIA’s Global Internal Audit Standards – Use of Data Analytics in Auditing
Stresses the importance of data acquisition before proceeding with normalization and analysis.
COSO’s ERM Framework – Data-Driven Decision Making
Highlights the importance of securing data for risk identification and mitigation.
Analysis of Answer Choices:IIA References and Internal Auditing Standards:
Submit