Off the Leash: Audit’s Tools Confusion Is Holding Us Back: Here’s How to Fix It
I’ve been away from my “Off the Leash” Series for a bit now, tending to mid-year duties, An interview yesterday, and a pointed discussion about “tools,” made it clear: as auditors, we’re still tripping over the basics.
As always in risk, audit, and compliance, language matters.
When we confuse methods with tools, or buzzwords with practice, we lose credibility. That’s where I found myself after that call, and it’s where too many auditors still are today.
Too many auditors still think “tools” means Excel and a clipboard. Regulators don’t want to see 25 sample tests anymore, they want proof that you tested 100% of the population, that your results are repeatable, and that your logic is defensible. We’ve let “tools” become a buzzword, when what we really need is a working toolkit of scripts, platforms, and automation that can withstand scrutiny. That realization hit me after a recent interview, and it’s worth fixing.
What’s Broken
What’s broken is simple:
We confuse tools with languages.
We confuse buzzwords with practice.
We confuse samples with populations.
And as long as we stay confused, we stay behind.
Step 1: SQL Patterns Every Auditor Should Know
The foundation is simple SQL logic. Every auditor should understand these patterns:
Duplicates → GROUP BY + HAVING
Completeness → LEFT JOIN + IS NULL
Reconciliation → SUM Comparisons
Outliers → WHERE filters
Ghost Users → HR roster join
Example:
Duplicate Detection (GROUP BY + HAVING)
SQL Pattern:
SELECT InvoiceNumber, COUNT(*) AS NumOccurrences FROM AccountsPayable GROUP BY InvoiceNumber HAVING COUNT(*) > 1;
Purpose: Identify duplicate records that may indicate fraud or errors.
Typical Use Case: Detect duplicate vendor payments or wire transfers.
Step 2: Expanding the Script Library
Patterns are just the start. A real audit toolkit means having a script library ready to go, so you’re not reinventing the wheel every quarter.
My Audit SQL Script Handbook covers:
Duplicate transactions
Missing records
Recalculation tests
Outlier transactions
User access reviews
Segregation of duties
Reconciliations
Timeliness of recording
Inactive accounts
Example:
SELECT InvoiceNumber, COUNT(*) AS NumOccurrences
FROM AccountsPayable
GROUP BY InvoiceNumber
HAVING COUNT(*) > 1;
Purpose: Identify duplicate invoices or payments that may indicate control failure or fraud.
Risk Addressed: Duplicate payments, fraud, or poor vendor master data management.
Adaptation Notes: Adjust table and column names; may also use DISTINCT or window functions in some RDBMS.
Step 3: Choosing the Right Tool for the Job
Scripts only work if you run them in the right environment. Not everything belongs in SQL.
From my Bank Audit Tool Selection Cheat Sheet:
SQL → Core reconciliations and completeness testing
VBA → Automating Excel-based extracts
Python → Fraud and AML analytics at scale
ACL/IDEA → Audit platforms with pre-built routines and logging
Power BI/Tableau → Continuous monitoring dashboards
Step 4: Picking Platforms That Scale
In banking, platforms matter as much as scripts. Regulators recognize some names and expect to see them in use.
From my Bank Audit Analytics Platform Decision Matrix:
ACL/Galvanize → Regulator-recognized, strong reconciliation, expensive
IDEA → User-friendly, great for mixed-skill audit teams
Arbutus → Scalable, cost-effective, less well-known
Step 5: AI Is a Tool, Not a Crutch
AI can draft a script in seconds. But AI won’t sit in front of an OCC examiner and explain why you grouped by invoice number or joined to HR tables. That’s our job.
The fix: combine AI’s speed with professional judgment. Audit credibility depends on our ability to explain objective, method, and evidence, no matter who wrote the query.
AI is great at drafting scripts. Auditors are great at explaining why they matter. Together, that’s the future.
Closing
Being a modern auditor means fixing the “tools” problem once and for all. Not by chasing buzzwords, but by building and using a real toolkit, SQL patterns, script libraries, tool selection, platform comparisons, and yes, AI.
Off the leash, that’s how we move the profession forward.
