Skip Navigation Links

How to carry out an annual database audit

Ask the company to download a table showing the full details of their accounts into a CSV file. This can be imported into the database. 

Summarize the database table according to the variable parameters, such as the type of loan, date of loan, account manager, customer code, introducer, branch, status, telephone, address, etc. By viewing the summaries, it is possible to identify the accounts that need further attention, e.g. a large number of accounts under the same customer or account manager or account opening date.

Check that the totals (i.e. count of accounts or total balances) agree with the financial ledger. This is to prevent the suspicious accounts from being removed prior to the database audit. Check that the staffs extracting the database are not the same staffs who are responsible for the operations. 

Carry out external verification on the highlighted accounts, e.g. by verification with the customer through the telephone. If the telephone is invalid, it could trigger an alarm.

Compare the summary with the previous year, and identify the large changes, e.g. account manager or branch with the largest change in number of accounts.

This database audit will have a strong deterrent effect. If the staffs know that an external auditor is likely to audit the entire database, they will avoid committing a fraud as it could be detected.