Benford's law for integrity tests of high-volume databases: a case study of internal audit in a state-owned enterprise
Keywords:
Internal audit, Benford’s law, Relational databases, Argentina, Latin America, ERP, Audit data analytics, Audit trail analysis, Inherent risk, State-owned enterprise (SOE)Abstract
PurposeThe technical feasibility of using Benford's law to assist internal auditors in reviewing the integrity of high-volume data sets is analysed. This study explores whether Benford's distribution applies to the set of numbers represented by the quantity of records (size) that comprise the different tables that make up a state-owned enterprise's (SOE) enterprise resource planning (ERP) relational database. The use of Benford's law streamlines the search for possible abnormalities within the ERP system's data set, increasing the ability of the internal audit functions (IAFs) to detect anomalies within the database. In the SOEs of emerging economies, where groups compete for power and resources, internal auditors are better off employing analytical tests to discharge their duties without getting involved in power struggles.
Design/methodology/approachRecords of eight databases of an SOE in Argentina are used to analyse the number of records of each table in periods of three to 12 years. The case develops step-by-step Benford's law application to test each ERP module records using Chi-squared (χ²) and mean absolute deviation (MAD) goodness-of-fit tests.
FindingsBenford's law is an adequate tool for performing integrity tests of high-volume databases. A minimum of 350 tables within each database are required for the MAD test to be effective; this threshold is higher than the 67 reported by earlier researches. Robust results are obtained for the complete ERP system and for large modules; modules with less than 350 tables show low conformity with Benford's law.
Research limitations/implicationsThis study is not about detecting fraud; it aims to help internal auditors red flag databases that will need further attention, making the most out of available limited resources in SOEs. The contribution is a simple, cheap and useful quantitative tool that can be employed by internal auditors in emerging economies to perform the first scan of the data contained in relational databases.
Practical implicationsThis paper provides a tool to test whether large amounts of data behave as expected, and if not, they can be pinpointed for future investigation. It offers tests and explanations on the tool's application so that internal auditors of SOEs in emerging economies can use it, particularly those that face divergent expectations from antagonist powerful interest groups.
Originality/valueThis study demonstrates that even in the context of limited information technology tools available for internal auditors, there are simple and inexpensive tests to review the integrity of high-volume databases. It also extends the literature on high-volume database integrity tests and our knowledge of the IAF in Civil law countries, particularly emerging economies in Latin America.
Downloads
References
Abuazza, W., Mihret, D., James, K. and Best, P. (2015), “The perceived scope of internal audit function in Libyan public enterprises”, Managerial Auditing Journal, Vol. 30 Nos 6/7, pp. 560-581.
Ahmad, H., Othman, R., Othman, R. and Jusoff, K. (2009), “The effectiveness of internal audit in Malaysian public sector”, Journal of Modern Accounting and Auditing, Vol. 5 No. 952, pp. 1548-6583.
American Institute of Accountants (AIA) (1947), Tentative Statement of Auditing Standards, Their Generally Accepted Significance and Scope, AIA, New York, NY.
American Institute of Certified Public Accountants (AICPA) (2015), Audit Analytics and Continuous Audit: Looking toward the Future, AICPA, New York, NY.
Appelbaum, D., Kogan, A. and Vasarhelyi, M.A. (2016), “Analytics in external auditing: a literature review”, Working paper, The State University of New Jersey, Rutgers.
Appelbaum, D., Kogan, A. and Vasarhelyi, M.A. (2017), “Big data and analytics in the modern audit engagement: research needs”, Auditing: A Journal of Practice and Theory, Vol. 36 No. 4, pp. 1-27.
Areneke, G., Yusuf, F. and Kimani, D. (2019), “Anglo-American governance adoption in non-Anglo-American settings: assessing practitioner perceptions of corporate governance across three emerging economies”, Managerial Auditing Journal, Vol. 34 No. 4, pp. 482-510.
Basic, M., Ribic, M., Jahic, L. and Bajraktarevic, E. (2015), “Role of PIFC implementation on the development of internal audit and control and its effects on the reform of the public sector in B&H”, Sarajevo Business and Economics Review (Zbornik Radova), Vol. 34, pp. 9-29.
Benford, F. (1938), “The law of anomalous numbers”, Proceedings of the American Philosophical Society, Vol. 78 No. 4, pp. 551-572.
Betti, N. and Sarens, G. (2021), “Understanding the internal audit function in a digitalised business environment”, Journal of Accounting and Organizational Change, Vol. 17 No. 2, pp. 197-216.
Bhattacharya, S., Xu, D. and Kumar, K. (2011), “An ANN-based auditor decision support system using Benford's Law”, Decision Support Systems, Vol. 50 No. 3, pp. 576-584.
Boskou, G., Kirkos, E. and Spathis, C. (2019), “Classifying internal audit quality using textual analysis: the case of auditor selection”, Managerial Auditing Journal, Vol. 34 No. 8, pp. 924-950.
Botero, J.C., Djankov, S., La Porta, R., López-de-Silanes, F. and Shleifer, A. (2004), “The regulation of labour”, The Quarterly Journal of Economics, Vol. 119 No. 4, pp. 1339-1382.
Bozinoska, S. (2020), “Perspectives for development of the internal audit in the public sector in the republic of North Macedonia”, Journal of Sustainable Development (1857-8519), Vol. 10 No. 24, pp. 3-13.
Bozkus Kahyaoglu, S. and Caliyurt, K. (2018), “Cyber security assurance process from the internal audit perspective”, Managerial Auditing Journal, Vol. 33 No. 4, pp. 360-376.
Burnaby, P. and Hass, S. (2011), “Internal auditing in the Americas”, Managerial Auditing Journal, Vol. 26 No. 8, pp. 734-756.
Busta, B. and Weinberg, R. (1998), “Using Benford's law and neural networks as a review procedure”, Managerial Auditing Journal, Vol. 13 No. 6, pp. 356-366.
Byrnes, P.E., Criste, T., Stewart, T. and Vasarhelyi, M. (2015), “Reimagining auditing in a wired world”, Chapter 4, in Audit Analytics and Continuous Audit: Looking toward the Future, AICPA, New York, NY.
Carreira, P. and Gomes da Silva, C. (2016), “Assessing the omission of records from a data set using Benford's law”, Journal of Financial Crime, Vol. 23 No. 4, pp. 798-805.
Carrera, C. (2015), “Tracking exchange rate management in Latin America”, Review of Financial Economics, Vol. 25 No. 1, pp. 35-41.
Carslaw, C.A.P.N. (1988), “Anomalies in income numbers: evidence of goal-oriented behavior”, The Accounting Review, Vol. 63 No. 2, pp. 321-327.
Chowdhury, A. and Shil, N.C. (2019), “Influence of new public management philosophy on risk management, fraud and corruption control and internal audit: evidence from an Australian public sector organization”, Accounting and Management Information Systems/Contabilitate Si Informatica de Gestiune, Vol. 18 No. 4, pp. 486-508.
Cleary, R. and Thibodeau, J. (2005), “Applying digital analysis using Benford's law to detect fraud: the dangers of type I errors”, Auditing-a Journal of Practice and Theory, Vol. 24 No. 1, pp. 77-81.
Cukier, K. and Mayer-Schoenberger, V. (2013), “Rise of Big Data: how it's changing the way we think about the world”, Foreign Affairs, Vol. 92 No. 3, pp. 28-40.
Djankov, S., La Porta, R., Lopez-de-Silanes, F. and Shleifer, A. (2002), “The regulation of entry”, Quarterly Journal of Economics, Vol. 117, pp. 1-37.
Djankov, S., La Porta, R., Lopez-de-Silanes, F. and Shleifer, A. (2003), “Courts”, Quarterly Journal of Economics, Vol. 118, pp. 457-522.
Emil, G. and Mircea, S. (2008), “The progress and structure of the internal and public audit in Romania”, Annals of the University of Oradea, Economic Science Series, Vol. 17 No. 4, pp. 262-264.
Emmanuel, O.E., Ajanya, M.A. and Audu, F. (2013), “An assessment of internal control audit on the efficiency of public sector in Kogi State Nigeria”, Mediterranean Journal of Social Sciences, Vol. 4 No. 11, pp. 717-726.
Erasmus, L. and Coetzee, P. (2018), “Drivers of stakeholders' view of internal audit effectiveness: management versus audit committee”, Managerial Auditing Journal, Vol. 33 No. 1, pp. 90-114.
Fuertes-Callen, Y., Cuéllar-Fernández, B. and Pelayo-Velázquez, M. (2014), “Determinants of online corporate reporting in three Latin American markets: the role of web presence development”, Online Information Review, Vol. 38 No. 6, pp. 806-831.
Garven, S. and Scarlata, A. (2021), “An examination of internal audit function size: evidence from U.S. Government and nonprofit sectors”, Current Issues in Auditing, Vol. 15 No. 1, pp. A38-A56.
Gramling, A. and Schneider, A. (2018), “Effects of reporting relationship and type of internal control deficiency on internal auditors' internal control evaluations”, Managerial Auditing Journal, Vol. 33 No. 3, pp. 318-335.
Hay, D. and Cordery, C. (2018), “The value of public sector audit: literature and history”, Journal of Accounting Literature, Vol. 40, pp. 1-15.
Hill, T.P. (1995), “A statistical derivation of the significant digit law”, Statistical Science, Vol. 10 No. 4, pp. 354-363.
International Standard on Auditing (ISA) Nº300 (2009), Planning an Audit of Financial Statements, International Auditing and Assurance Standards Board (IAASB), New York.
International Standard on Auditing (ISA) Nº 315 (2016), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment, International Auditing and Assurance Standards Board (IAASB), New York.
International Standard on Auditing (ISA) Nº 330 (2006), The Auditor's Responses to Assessed Risks, International Auditing and Assurance Standards Board (IAASB), New York.
Islam, M., Farah, N. and Stafford, T. (2018), “Factors associated with security/cybersecurity audit by internal audit function: an international study”, Managerial Auditing Journal, Vol. 33 No. 4, pp. 377-409.
Kabuye, F., Nkundabanyanga, S., Opiso, J. and Nakabuye, Z. (2017), “Internal audit organisational status, competencies, activities and fraud management in the financial services sector”, Managerial Auditing Journal, Vol. 32 No. 9, pp. 924-944.
Kokina, J. and Davenport, T. (2017), “The emergence of artificial intelligence: how automation is changing auditing”, Journal of Emerging Technologies in Accounting, Vol. 14 No. 1, pp. 115-122.
Kotb, A., Elbardan, H. and Halabi, H. (2020), “Mapping of internal audit research: a post-Enron structured literature review”, Accounting, Auditing and Accountability Journal, Vol. 33 No. 8, pp. 1969-1996, doi: 10.1108/AAAJ-07-2018-3581.
La Porta, R.L., Lopez-de-Silanes, F. and Shleifer, A. (2008), “The economic consequences of legal origins”, Journal of Economic Literature, Vol. 46 No. 2, pp. 285-332.
Lacina, M., Lee, B. and Kim, D. (2018), “Management of revenue and earnings in Korean firms influenced by cognitive reference Points Review of Pacific basin financial markets and policies (RPBFMP)”, World Scientific Publishing Co.Pte.Ltd., Vol. 21 No. 2, pp. 1-36.
Lanham, S. (2019), “Analyzing big data with Benford's law: a lesson for the classroom”, American Journal of Business Education, Vol. 12 No. 2, pp. 33-42, doi: 10.19030/ajbe.v12i2.10285.
Länsiluoto, A., Jokipii, A. and Eklund, T. (2016), “Internal control effectiveness – a clustering approach”, Managerial Auditing Journal, Vol. 31 No. 1, pp. 5-34.
Miranda-Zanetti, M., Delbianco, F. and Tohme, F. (2019), “Tampering with inflation data: a Benford law-based analysis of national statistics in Argentina”, Physica A: Statistical Mechanics and Its Applications, Vol. 525, pp. 761-770.
Neu, D., Everett, J., Rahaman, A.S. and Martinez, D. (2013), “Accounting and networks of corruption”, Accounting, Organizations and Society, Vol. 38 Nos 6-7, pp. 505-524.
Nigrini, M.J. (1996), “Taxpayer compliance application of Benford's law”, Journal of the American Taxation Association, Vol. 18 No. 1, pp. 72-92.
Nigrini, M.J. (1999), “Adding value with digital analysis”, The Internal Auditor, Vol. 56 No. 1, pp. 21-23.
Nigrini, M. (2012), Benford's Law: Applications for Forensic Accounting, Auditing, and Fraud Detection, John Wiley & Sons, Hoboken, NJ.
Nigrini, M.J. (2017), “Audit sampling using Benford's law: a review of the literature with some new perspectives”, Journal of Emerging Technologies in Accounting, Vol. 14 No. 2, pp. 29-46.
Nigrini, M.J. (2019), “The patterns of the numbers used in occupational fraud schemes”, Managerial Auditing Journal, Vol. 34 No. 5, pp. 606-626.
Nigrini, M.J. and Mittermaier, L.J. (1997), “The use of Benford's law as an aid in analytical procedures”, Auditing: A Journal of Practice and Theory, Vol. 16 No. 2, pp. 52-67.
Okundaye, K., Fan, S.K. and Dwyer, R.J. (2019), “Impact of information and communication technology in Nigerian small-to medium-sized enterprises”, Journal of Economics, Finance and Administrative Science, Vol. 24 No. 47, pp. 29-46.
Oussii, A.A. and Boulila Taktak, N. (2018), “Audit report timeliness: does internal audit function coordination with external auditors matter? Empirical evidence from Tunisia”, EuroMed Journal of Business, Vol. 13 No. 1, pp. 60-74.
Pilcher, R. (2014), “Role of internal audit in Australian local government governance: a step in the right direction”, Financial Accountability and Management, Vol. 30 No. 2, pp. 206-237.
Ruiz-Tagle, E.F. (1998), “Chilean president demands more internal auditing”, Internal Auditor, Vol. 55 No. 3, p. 15.
Salcedo, N.U. (2021), “Editorial – review and roadmap from the last 10 years (2010-2020)”, Journal of Economics, Finance and Administrative Science, Vol. 26 No. 51, pp. 2-6.
Scwartz, R. and Sulitzeanu-Kenan, R. (2002), “The politics of accountability: institutionalising internal auditing in Israel”, Financial Accountability and Management, Vol. 18 No. 3, pp. 211-231, doi: 10.1111/1468-0408.00151.
Simona, G.D. and Elisabeta, B.D. (2013), “Role of internal auditing in risk management in the public sector and local entities - case study Bihor county”, Annals of the University of Oradea, Economic Science Series, Vol. 22 No. 1, pp. 1324-1333.
Singh, K. and Best, P. (2016), “Interactive visual analysis of anomalous accounts payable transactions in SAP enterprise systems”, Managerial Auditing Journal, Vol. 31 No. 1, pp. 35-63.
Thomas, J.K. (1989), “Unusual patterns in reported earnings”, The Accounting Review, Vol. 64 No. 4, pp. 773-787.
Usang, O.U.E. and Salim, B. (2016), “Political interference and local government performance in Nigeria: the moderating role of internal audit quality”, International Journal of Economic Perspectives, Vol. 10 No. 4, pp. 111-120.
Vanasco, R. (1996), “Auditor independence: an international perspective”, Managerial Auditing Journal, Vol. 11 No. 9, pp. 4-48.
Varian, H.R. (1972), “Benford's law”, The American Statistician, Vol. 26, pp. 65-66.
Wallace, W. (2002), “Assessing the quality of data used for benchmarking and decision-making”, The Journal of Government Financial Management; Alexandria, Vol. 51 No. 3, pp. 16-22.
Yin, R.K. (2017), Case Study Research and Applications: Design and Methods, 6th ed., Sage, Los Angeles.
Young, M.N., Peng, M.W., Ahlstrom, D., Bruton, G.D. and Jiang, Y. (2008), “Corporate governance in emerging economies: a review of the principal–principal perspective”, Journal of Management Studies, Vol. 45 No. 1, pp. 196-220.
Zhang, C. (2019), “Intelligent process automation in audit”, Journal of Emerging Technologies in Accounting, Vol. 16 No. 2, pp. 69-88.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2022 Journal of Economics, Finance and Administrative Science
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.