AGA Kansas City Chapter Data Analytics & Continuous Monitoring

Transcription

1 AGA Kansas City Chapter Data Analytics & Continuous Monitoring

2 Agenda Market Overview & Drivers for Change Key challenges that organizations face Data Analytics What is data analytics and how can it help drive efficiencies in your audit program and overall organization? Solution Offerings Examples of applied data analytics solutions within the audit profession Data Analytics Tools Specific tools utilized to perform Computer Assisted Auditing Techniques (CAAT) Continuous Monitoring How can data analytics be applied to facilitate continuous monitoring?

3 Section 1 Market Overview & Drivers for Change

4 Market Overview & Drivers for Change The need for risk mitigation and assurance has drastically changed Strategic risk is a key concern for executive leadership, yet the amount of information provided regarding strategic, value impacting opportunities and threats is often limited Globalization, expansion, and the heightened pace of change are increasing the complexity of risks While risks around financial controls and basic compliance are managed more effectively, there are few robust techniques for overseeing broader types of risk Do More with Less - there are increasing pressure to reduce the cost of compliance 4

5 Market Overview & Drivers for Change As operating models evolve, it is critical to grow the organization s decision support capabilities and provide the ability for management to make key business decisions at the right time, with the right information, based upon a single version of the truth to improve operation effectiveness and risk management. The available data is wrong but we get it so late it doesn t matter I am probably making bad decisions because of bad data Too much detail delivered to too many people people get lost in the detail Need to be an expert in the systems to get any information out of them The reporting environment and process is akin to Database Dim Sum; pull a little information from every database If I had better data, I would make different business decisions We spend lots of work hours constructing the analysis it leaves little time to actually analyze 5

6 Section 2 Data Analytics

7 Introduction to Data Analytics What is Data Analytics? Data Analytics refers to the processes and procedures used to interpret raw data with the purpose of gaining insight and understanding from the information. Data Analytics Operational Insight 7

8 Introduction to Data Analytics Types of data analytics Ad-hoc Repeatable Centralized Continuous Monitoring Effectiveness of Corrective Action Evolution of Data Analytic Techniques Continuous Monitoring Centralized Repeatable Ad-hoc Analytic Frequency The results of Data Analytics may be used to identify areas of key risk, fraud, errors or misuse; improve business efficiencies; verify process effectiveness; or influence business decisions. 8

9 Introduction to Data Analytics Why is Data Analytics beneficial? Gain a better understanding of your organization s data Gain complete coverage over a data set Automate testing procedures (reduce manual effort needed) Testing procedures are easily repeated Test for more complex scenarios than possible through manual review Automated / streamlined reporting Data Analytics Improved Testing Efficiency Improved Coverage Increased Granularity Completeness & Accuracy Checks 9

10 Introduction to Data Analytics How can data analytics drive efficiencies in your audit program? Increase audit coverage o 100% coverage over a data set Significantly More Value 1. Realigning audit coverage Focus on strategic auditing increases Focus on anomalies o Identify and mediate early Predictive analysis and monitoring 2. Improving process and leveraging technology Materially Less Cost 10

11 Introduction to Data Analytics Key benefits and challenges for using data analytics Benefits Remove sampling risk by gaining audit coverage over 100% of population Increase independence from information system functions (developers, technology administration) Decreased cost over time due to reusability Provide real-time audit opinions Efficiently test certain assertions such as completeness and accuracy Challenges First year costs can be higher than a manual test Auditor needs a strong understanding of the operation, financial or technology supporting the data Perception by information providers that data cannot be extracted or used 11

12 Section 3 Data Analytics Solution Offerings

13 Solution Offerings Fraud Analytics The use of data analytic techniques to identify false, altered or manipulated records or supporting documentation used in preparing or maintaining an organization's financial data. Identify fraudulent or misstated transactions used to produce financial statements Allows the organization to save money by identifying and mitigating fraud schemes (embezzlement, asset misappropriation, accounts payable fraud, etc.) Maintain reputation 13

14 Solution Offerings Fraud Analytics Time & Expense Target Area Description Outcome Collusion Employee Lists repeat reimbursements to employees (accommodating for a certain amount of variance) related to the same payee, creditor, or vendor Identify duplicate payment of the same expense activity from different employees Fraud / Abuse Analyze employee expense activities for potential duplicate reimbursements from different expense reports Multiple reimbursement requests for the same expense activity with different management approval Fraud / Abuse Non typical vendor analysis name and address comparison to identify vendors and expense activities to casino, clubs and other suspicious entertainments Identify high-risk employee who has abused the objective of the company related expense policy P-Card Management List employees whose average amounts per expense category is higher than average Identify employee who misused P-Card for personal purchases Control Deficiency Employee expense transaction amount stratification Identify employees exceeding the P-card authorization/ approval limit by time period that is daily, monthly, quarterly and/or annually 14

15 Solution Offerings Revenue Recognition Analysis around a company's order/sales process to gain insight into operational effectiveness and ensure revenue is being recognized appropriately. Test contract terms and conditions to ensure they are met & calculated correctly Analyze the sales / revenue / reimbursement cycle to look for trends / misstatements in recorded revenue / expenses Analyze bills for accuracy vs. contracts 15

16 Solution Offerings Accounts Payable Analytics Procure to Pay processing and reporting capabilities for expense control and cash disbursement management Identify weaknesses in controls in payment to suppliers Determine issues around duplicate payments, abnormal invoice activities, and payments to employees Isolate variances in master data set such as master vendor file 16

17 Solution Offerings Accounts Payable Target Area Description Outcome Vendor Identify suspicious or fictitious vendor Identify vendor with the same address as employee or created by/paid by the same employee AP Recovery Identify overpayment, duplicate payments Identify opportunity for volume discounts, working capital improvement Control Deficiency Identify fraud/abuse Identify fraud/abuse Foreign Corrupt Practices Act (FCPA) Identify corruption, bribery with payments to high-risk individuals (i.e., politically exposed) Compliant with FCPA and the Federal Trade Commission s red flag program, avoid fines from regulatory agencies Reputation Identify payments to suspicious addresses (i.e., P.O. Box) or high-risk businesses Transparency via ethical supply-chain and vendor sourcing 17

18 Solution Offerings Sustainable Cost Reduction Analysis Controlling and optimizing the money organizations spend Help organizations reduce costs with a detailed analysis of the organization s spending patterns Focus on identifying and delivering savings opportunities Monitor activities, capturing related spend results, and producing robust reports 18

19 Solution Offerings Post System Implementation Reviews Assessment of the effectiveness of the system development after the system has been in production for a period of time Provide comfort over the quality of data from legacy to new system Analyze data to resolve complex reconciliation issues Identify areas of improvements in the system s controls 19

20 Section 4 Data Analytics Tools

21 Data Analytics Tools What is Computer Assisted Auditing Techniques (CAAT)? Creating new or using existing end user system reports to analyze data (using software such as Microsoft Excel, Microsoft Access, ACL, etc.) to identify and quantify transactions that merit further investigation due to their nature, size or because they highlight control weaknesses and opportunities for process improvement. 21

22 Data Analytics Tools CAAT as a Data Analysis Technique: Testing whether system fields have the appropriate value/calculation for a population of accounts, securities or transactions Testing and quantifying fraud and control failure scenarios Identifying the unusual transactions that have bypassed controls Determining and measuring the impact of data quality issues Recognizing unusual transactions and events Increasing audit coverage and assurance 22

23 Data Analytics Tools CAAT Benefits: Use CAATs to increase the: Effectiveness of monitoring Impact of findings Depth of understanding The data tells the story! Enables you to qualify the financial impact of business decisions, accounting practices, and internal controls 23

24 Data Analytics Tools Available Tools: Download a text file into Microsoft Excel or Access database Download an existing end user report into Microsoft Excel or Access database Use the report writer capabilities of the software application to create reports Available Analytic Software: ACL, Oversight, Tableau, Spend Radar 24

25 Data Analytics Tools Recommended Practices Review all transactions rather than sample basis Obtain as many data elements (fields from the system) as possible for each transaction Validate integrity of data Confirm limitations from using data warehouse vs. production environment Look for hidden patterns Identify full impact of overpayments (example) rather than estimate May indicate causes of overpayments (example) Work with IT to enhance data retention capabilities Refine your queries to provide targeted results Integrate reports into Continuous Monitoring activities 25

26 Section 5 Continuous Monitoring

27 Continuous Monitoring Overview What is Continuous Monitoring? Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organizations financial and operational environment. What does this mean? The processes that management puts in place to ensure that the policies, procedures, and business processes are operating effectively Ongoing insight into the effectiveness of controls and the integrity of transactions running within them. Provides the most to benefit from timely insight into errors/issues Management is the owner of this process Performed by operational/financial management; audit independently evaluates adequacy of management activities 27

28 Continuous Monitoring Overview Continuous Monitoring Process and technology used to detect compliance and risk issues associated with an organization's financial and operational environment. Significant increase of controls effectiveness over time Key risks Monitoring /IT/ Automated controls Process controls Early identification of required actions short term implementation of actions and monitoring of the effectiveness Synergies across various types of audits 28

29 Continuous Monitoring Overview What can Continuous Monitoring be used for? Monitoring of Key Performance Indicators (KPIs) Monitoring of Key Controls Fraud Detection Audit Testing Monitoring Risks 29

30 Continuous Monitoring Overview Continuous Monitoring Usage Reduce / eliminate the manual, detailed transaction reviews currently being performed / tested. o Moving from substantive testing to controls testing Scenario 1 Scenario 2 Management Effort Comprehensive Monitoring Little to no monitoring Audit Effort Reduced Effort / Testing Significant Effort / Testing 30

31 Continuous Monitoring Overview Key Benefits of Continuous Monitoring The key focus for continuous-monitoring solutions is to reduce recurring manual compliance effort, chiefly through replacing manual controls with automated ones. Compliance and cost reduction aside, these solutions can increase assurance of financial integrity several ways. Attribute Benefit Improved Consistency Manual controls are subject to manual errors, whereas automated controls tend to operate more reliably Improved Coverage Improved or complete transaction coverage is possible Increased Sophistication Controls can be designed with more complexity if they are not required to be performed manually Improved Timeliness Detective controls can be executed very quickly, rather than after-thefact or in an audit Additional Controls More controls can be achieved through automation than would be possible to perform manually Robert Martin. "Continuous Monitoring Meets Enterprise Risk Management." Information Management Online (2005) 31

32 Continuous Monitoring Overview Types of Continuous Monitoring Although there are different types of monitoring, they all play a role in comprehensive risk management programs. Type Description Control Monitoring Detection and escalation of risk control violation events Indicator Monitoring Detection of non-control events, Key Risk Indicators or early warning indicators of changes to factors that could impact the risk environment. These could be internal or external, current or forward looking, etc. Performance Monitoring Measuring the effectiveness of the risk program or of the organization as a whole (organizational performance optimization is a goal of many Enterprise Risk Management programs) 32

33 Continuous Monitoring Overview How does Continuous Monitoring fit in the picture? Identify the key risks in a business process Determine what risks can be measured through data analysis Prioritize the risks Document the risks as controls Throughout the year, monitor the controls that were identified Formula Definition Responsibility Ongoing analysis of the effectiveness of controls and the integrity of transactions running within them Typically performed by management, with independent evaluations periodically performed by internal audit + Continuous Auditing Identifying, assessing, mitigating and monitoring risks throughout the year Typically performed by an Internal Audit/Controls group separate from management = Continuous Assurance Combination of continuous monitoring and continuous auditing Operational/financial management and oversight by internal audit Continuous Monitoring 33

34 Continuous Monitoring Overview 34

35 Thank You! Presented by: Eric Hinrichs, Director Brett Dauffenbach, Senior Associate