When do audit analytics create too many exceptions to be useful?
Analytics create too many exceptions when the test is not tied tightly enough to the risk, criteria, and process logic. A broad outlier rule may flag thousands of items that are unusual but not control failures.
Before running the analytic, define the expected control behavior, data fields, inclusion rules, thresholds, and likely false positives. After running it, investigate exceptions and refine the logic only with documented rationale.
A large exception list is not a finding by itself. It is a prompt to understand whether the analytic is imprecise, the process is poorly controlled, or both.
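The difference between a broad outlier rule and a test tied to the control criterion, as an added example that is not part of the original answer. The payment records, the 10,000 approval threshold, and the field and function names are all constructed assumptions.

```python
from statistics import median

# Assumed control (hypothetical policy): payments at or above this amount
# need an approver who is not the person who created the payment.
APPROVAL_THRESHOLD = 10_000

def build_sample():
    """Constructed payment population: 180 routine items, 20 large ones."""
    rows = []
    for i in range(1, 201):
        amount = 12_000 + i * 50 if i % 10 == 0 else 1_000 + (i % 9) * 100
        rows.append({"id": i, "amount": amount,
                     "creator": f"u{i % 7}", "approver": f"m{i % 3}"})
    rows[49]["approver"] = None                    # id 50: no approval recorded
    rows[119]["approver"] = rows[119]["creator"]   # id 120: self-approved
    return rows

def broad_outlier_rule(rows):
    """Flags anything 'unusual': amount more than twice the median."""
    cutoff = 2 * median(r["amount"] for r in rows)
    return [r["id"] for r in rows if r["amount"] > cutoff]

def control_tied_test(rows):
    """Flags only items that break the stated criterion."""
    return [r["id"] for r in rows
            if r["amount"] >= APPROVAL_THRESHOLD        # inclusion rule
            and (r["approver"] is None                  # approval missing
                 or r["approver"] == r["creator"])]     # approver not independent

if __name__ == "__main__":
    rows = build_sample()
    broad, tied = broad_outlier_rule(rows), control_tied_test(rows)
    print(f"broad rule: {len(broad)} exceptions; control-tied test: {tied}")
    print("unusual but properly approved:", len(set(broad) - set(tied)))
```

On this constructed data the broad rule returns every large payment, while the control-tied test returns only the two that lack independent approval.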