The Differentiator A Great Internal Auditor. The Institute of Internal Auditors of Thailand
- Jasmin Sutton
- 7 years ago
Transcription
1 The Differentiator A Great Internal Auditor The Institute of Internal Auditors of Thailand September 2014
2 The Changed Agenda of a Great Internal Auditor
3 Transforming the internal audit mission: moving out from an outdated definition of internal auditing

Outdated definition of internal auditing, as published by the IIA prior to 1999: Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost.

Current definition of internal auditing, as published by the IIA: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Outdated definition:
- Appraisal function
- Examine and evaluate activities
- Assist members of the organization in the effective discharge of their responsibilities
- Promote effective control at reasonable cost

Current definition:
- Assurance and consulting activity
- Add value and improve organization
- Help an organization accomplish its objectives
- Evaluate and improve the effectiveness of risk management, control and governance

2014 Deloitte Touche Tohmatsu Jaiyos Advisory. The Differentiator: A Great Internal Audit
4 The evolution of internal audit: strategist and advisor/facilitator
The IA function is moving to higher maturity levels.
[Diagram labels: Risk focus; Risk focus; Rotational (Financial and Compliance); Governance; No involvement; Role; Assurance on compliance with Policies/Procedures; Responsibility; Enterprise Risks; Governance; IA as Advisor/Facilitator; Role; Enterprise Risk Advisory; Responsibility; Consultative Approach; External Assessment]
5 A shift from assurance provider to strategist/facilitator of risk management
Risk management for value creation

Facilitator of Risk Management:
- Integrated risk response process
- Information sharing between specialist silos
- Going beyond probabilistic risk management programs

Assurance Provider: assurance on management reports for:
- Effective identification and evaluation of risk
- Effective risk management process
- Appropriate review of key risks
6 Transforming internal audit: IA maturity value model
For each attribute, the stages run from Basic (left) to High Value (right), separated by "|".
- Perspective: Focus on the past; retrospective look on what happened | Focus on present: survey battlefield, shoot wounded | Future: help the wounded, map the minefield
- Style: Corporate police | Fact finder/father knows best | Trusted advisor (auditing and consulting)
- Planning/risk focus: Rotational/Based on history (Financial and compliance risks) | Risk-based audit plan (Operational, compliance and financial risks) | Enterprise risk-focused audit plan (Full spectrum of risks)
- Existence of CAE: Not likely | IA Director | Chief Audit Executive/Member of C suite
- Reporting lines: CFO/COO | CEO | Audit Committee Chair
- Objective and mandate: Compliance to policies and procedures | Assurance on internal control systems and compliance | Business risk assurance
- Independence and objectivity: Hopefully | Generally | Absolutely
- SoX ownership: Owns | Participates | Validates
- IT Auditing: Ill-defined | GCCs, security, applications | Consulting to improve IT infrastructure
- Fraud prevention and detection: Generally not addressed | Reactive | Proactive
- Risk Management: Limited assessment | Thorough assessment | ERM Champion
- Governance: No involvement | Limited involvement | IA as advisor/facilitator
- Technology: Limited | Automated workpapers and use of CAATs for data analysis | Advanced use of CAATs and continuous assurance approach
- Results: Small findings | Assurance on key audit units | Proactive risk management contribution/dynamic reporting
7 Optimizing the internal audit function: internal audit's value proposition

Protect enterprise value:
- Financial, compliance and general IT risks
- Balance sheet orientation
- Exception reporting and problem identification
- Inherent risks and rotational coverage

Enhance enterprise value:
- Operational, organizational and strategic risks
- Risk Intelligence orientation
- Proactive reporting and solutions development
- Focus on emerging risks and trends

Optimal balance protect/enhance: independent and objective assurance with value-added advice.
An advisory orientation helps enable internal audit to enhance enterprise value.
8 Top Issues for Audit Committees in 2014
9 Internal audit hot topics

Governance:
- The changing relationship between audit committees and chief audit executives.
- How should audit committees evaluate the internal audit function?
- Improving audit committee performance: is internal auditing stepping up to the plate?
- Governance structures of foreign companies with U.S. subsidiaries.
- Internal audit's role in auditing management compliance process (how are issues surfaced and monitored?)
- Executive compensation: should internal auditors/audit committees be concerned?

Fraud:
- Status reporting of fraud investigations.
- What are organizations doing to protect customer data, in light of recent incidents of customer data loss?
- Auditing for environmental fraud.
- Working relationships between in-house legal counsel and internal audit departments.
- Lessons learned/best practices in auditing the U.S. Foreign Corrupt Practices Act globally.
- How to monitor hotlines.

Risk:
- Convergence of risk management, compliance, and internal audit.
- Case study article on ERM implementation.
- Assessing risk associated with complex financial instruments (derivatives, swaps, etc.)
- Effective reporting of risk assessment results (leading practices).
- Reputation risk, especially in light of recent high-profile instances of corporate reputation damage.
- How to create a top-down, risk-based audit plan.

Source: The Institute of Internal Auditors
10 Internal audit hot topics (cont.)

Technology:
- Business continuity planning.
- Identity management.
- Social media risks.
- IT security vulnerability/top IT audit risks.
- Emerging technologies.
- Advanced cyber threats (cyber intelligence and warfare).
- Mobile security.
- Internal audit's role in protecting customer data.

Ethics:
- Case studies of audits involving the organization's moral principles, rules, standards, or tone at the top.
- Merging of compliance and ethics departments.
- Auditing ethics and compliance programs.
- The price of not auditing ethics in an organization.

Finance and compliance:
- Internal auditing's role in off-balance-sheet items.
- Risks associated with business combinations.
- Best practices in post-acquisition audits.
- Auditing the due diligence process.
- Life after Sarbanes-Oxley: financial vs. operational auditing.
- How should internal and external auditors work together?

Source: The Institute of Internal Auditors
11 Using Technology
12 Best practices: Leverage on technology
Analytics is not a separate science or a tool, but leveraging analytics is a matured way of performing internal audits. Data analytics can be leveraged on the following areas of internal audit life cycle:
- Risk assessment
- Transaction profiling
- Compliance sensitive transaction testing
- Management Reporting
- Internal Audit Reporting
- Continuous Auditing
13 Are your Board Directors also worried about these..?
Missing Prices; Duplicate Payment; Missing Credit Checks; Unusual Returns; Invalid or Duplicate Supplier Master; Delayed Collections; Statutory Audit Findings; Unauthorized Credit; Duplicate Invoices; Unused Credit Memos; Unauthorized Journal Entries; Split Purchase Orders; Inaccurate Manual Journal Entries; Overpayments to vendors; Unauthorized credit; Billing Errors; Inaccurate Financial Reports; Supplier Fraud; Delayed Supplier Payments; Incorrect Payment Terms; Unapproved or Illegal Suppliers; Unauthorized Access
14 These issues arise due to...
Survey of 425 companies

Top 10 control challenges*:
- Segregation of Duties
- Duplicate Payments
- Manual Processes
- Employee Reimbursements
- Compliance with Policy
- Automation
- Checks
- Approval
- Standardization/Consistency
- Signatures/Authority

Drivers:
- Lack of Staff
- False Positives
- Access to Data
- Visibility to Issues
- Mergers & Acquisition
- Decentralized Operations
- Outsourcing

*Accounts Payable Network Benchmark: AP Controls May
15 Board of Directors are still in the dark
Many board members and senior executives are still in the dark about the overall health of their organizations and have a lack of nonfinancial data that they can act upon. As with the first survey, corporate leaders believe that it is extremely important to monitor non-financial indicators.
16 Board Directors & Senior Management need better transparency
17 The Solution: GRC Analytics & Monitoring
- An organization must develop and sustain a capability or program to set objectives, identify the boundaries and obstacles.
- Establish a system to let management know when it is getting close to (or crossing) a boundary or approaching an obstacle.
- Once detected, management must quickly and appropriately respond to minimize the impact on the organization.
- As issues are encountered and addressed, management should continuously improve the program to more effectively and efficiently prevent, detect and respond to similar issues in the future.
Source: OCEG Red Book
18 COSO Guidance on Monitoring Internal Controls
Drivers: COSO observed that many organizations were not fully utilizing the monitoring component of a system of internal control.
Objectives:
- Help organizations improve the effectiveness and efficiency of their internal control systems.
- Provide practical guidance that illustrates how monitoring can be incorporated into an organization's internal control processes.
[Figure labels: Monitoring; Information & Communication; Control Activities; Risk Assessment; Control Environment; Unit A; Activity 1; Activity 2]
19 Monitoring activities should be built into normal, recurring operating activities of an organization
1. Prioritize Risks: Understand and prioritize risks to organizational objectives
2. Identify Controls: Identify key controls across the internal control system that address those prioritized risks
3. Identify Information: Identify information that will persuasively indicate whether the internal control system is operating effectively
4. Implement Monitoring: Develop and implement cost-effective procedures to evaluate that persuasive information
20 Without monitoring, even good controls deteriorate over time
"Critical financial processes such as travel expense management, order to cash and procure to pay have many business rules or policies associated with them that address accounting, reliability and anti-fraud issues. To ensure that policies and rules are followed, many ERP and financial applications have built-in internal controls with simple gated logic. However, the existence of these built-in automated controls does not ensure that they are turned on, that they are configured appropriately, and that they are not regularly overridden or bypassed, thus establishing the need for a solution that can monitor these controls."
Gartner Research Paper (Nov 2012): Transaction Controls Monitoring Can Improve Productivity and Financial Governance
21 Companies should leverage Controls Automation and Monitoring to improve control effectiveness and reduce compliance cost
The stages run from manual-based risk and control management to technology-enabled risk and control management, with ROI / business value increasing along the way.

Start:
- Approach not driven by risk
- Redundant controls
- Manually-intensive business & IT processes and controls
- Inefficient testing
- Reactive approach to identifying & addressing control issues

Manual:
- Risk based approach
- Rationalized controls
- Management platform
- Manually intensive testing procedures
- Testing requires large sample sizes

Automated:
- Leverage application-based business & IT process controls
- Efficient testing of controls
- Some automated testing capabilities
- Reduced testing sample sizes
- Efficient operation of controls

Monitoring:
- Continuous monitoring controls
- Efficient operation of controls
- Proactive approach to identifying & addressing control issues
- Demonstrated effectiveness of controls
- Sustainable compliance processes

Key Risk Indicator Capability:
- Uses automation to find potential risks based on threshold violations
- Based on the principle of automating leading indicators to prevent risk events
- KRIs can be sourced from GRC system
- Responses include alerts and risk assessment workflows

Continuous Control Monitoring Capability:
- Framework provides an infrastructure for creating and maintaining automated rules to test and monitor business processes.
- Leverage pre-delivered content
- Build your own control monitoring with a variety of techniques
22 Comparing manual, automated, and continuous control monitoring

Manual controls:
- Manual approvals
- Manual reporting
- Paper-based reconciliations

Technology-enabled controls, automated:
- Access controls
- Segregation of duties
- Application/configurable controls
- IT general controls

Technology-enabled controls, monitoring:
- Transaction monitoring
- Master data monitoring
- Access controls monitoring
- SOD monitoring
- Application/configurable control monitoring
- IT general controls monitoring

Monitoring technology can be used in several capacities:
- As key detective controls used to meet control objectives
- To monitor the continued effectiveness of existing key controls (preventive and detective)
23 What is Continuous Control Monitoring (CCM)?
Continuous Monitoring solutions are technology-enabled, detective controls utilized to actively monitor controls, transactions, and configurations. Typically, these solutions provide functionality to notify owners when exceptions are detected.

Activity and Gartner definition:
- Transaction monitoring: CCM for transactions is used to continuously monitor ERP and financial application transaction information to improve governance and automate audit processes.
- Master data monitoring: CCM for master data automates controls related to ERP and financial application data.
- Access control monitoring: CCM for access control is used to monitor accesses to sensitive functions by authorized users.
- Segregation of duties monitoring: CCM for segregation of duties is used to manage a number of access conflicts present in ERP and financial applications.
- Configurable control monitoring: CCM for application configuration is used to monitor the presence, appropriate configuration and modification of built-in application controls.

Gartner ID Number: G : Magic Quadrant for Continuous Controls Monitoring; 23 March
24 Case studies
25 Common internal control challenges in procure to pay process
26 Internal Control Examples: Segregation of duties

Scenario A: Prevent potential SOD violations
Users granted excessive payables system privileges obtain the capability to create transactions for unapproved disbursements.
Current practice:
- When users change roles or responsibilities, unneeded access is typically not removed
- Over time, an accumulation of excessive access privileges tends to build up, leading to periodic cleanup projects
Value of monitoring:
- Any time a user profile is maintained, a comparison is performed to a pre-established constraint matrix
- If any SOD violations are detected, the security administrator is warned at the time of user profile maintenance
- The monitoring routine can also be run in batch mode to evaluate all users

Scenario B: Actual SOD violations
Users with excessive payables system privileges perform transactions that violate segregation of duties.
Current practice:
- A select number of users have been granted access privileges that violate the SOD matrix for justifiable business needs
- These users are expected to only use these privileges on an infrequent basis related to system maintenance, but the actual activity is not monitored
Value of monitoring:
- Automatically and continually check and validate transactional data from enterprise applications against control parameters and business rules
- Identify suspicious activity, errors, and exceptions that may be disguised through high volumes of data
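The two monitoring routines on this slide, sketched as an added Python example that is not part of the original presentation: a constraint-matrix check run at profile maintenance or in batch mode (Scenario A), and a transaction check that flags a user who actually performed both sides of a conflict on the same document (Scenario B). The function names, the constraint matrix, and the sample users and transactions are constructed for illustration.

```python
from collections import defaultdict

# Constructed constraint matrix: pairs of payables functions that one
# user must not hold together (assumed names, not from any real ERP).
SOD_MATRIX = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"enter_invoice", "approve_payment"}),
    frozenset({"create_po", "receive_goods"}),
}

def potential_violations(functions):
    """Return every matrix conflict fully contained in a set of functions."""
    held = set(functions)
    return sorted(tuple(sorted(pair)) for pair in SOD_MATRIX if pair <= held)

def on_profile_change(user, new_privileges, approved_exceptions=frozenset()):
    """Scenario A: run whenever a profile is maintained.

    Returns one warning per conflict for the security administrator,
    marking conflicts that were granted as a documented exception.
    """
    return [
        {"user": user, "conflict": conflict,
         "approved_exception": (user, conflict) in approved_exceptions}
        for conflict in potential_violations(new_privileges)
    ]

def batch_scan(profiles, approved_exceptions=frozenset()):
    """Scenario A, batch mode: evaluate all users against the matrix."""
    findings = []
    for user in sorted(profiles):
        findings.extend(on_profile_change(user, profiles[user], approved_exceptions))
    return findings

def actual_violations(transactions):
    """Scenario B: flag users who performed both conflicting functions
    on the same document, whether or not the access was an approved exception."""
    performed = defaultdict(set)  # (user, document) -> functions executed
    for txn in transactions:
        performed[(txn["user"], txn["doc"])].add(txn["function"])
    hits = []
    for (user, doc), functions in sorted(performed.items()):
        for conflict in potential_violations(functions):
            hits.append({"user": user, "doc": doc, "conflict": conflict})
    return hits

# Constructed sample data.
SAMPLE_PROFILES = {
    "alice": ["enter_invoice", "approve_payment"],   # approved exception
    "bob": ["enter_invoice", "create_po"],
    "carol": ["approve_payment"],
    "dave": ["create_po", "receive_goods", "create_vendor"],
}
SAMPLE_EXCEPTIONS = frozenset({("alice", ("approve_payment", "enter_invoice"))})
SAMPLE_TRANSACTIONS = [
    {"user": "alice", "function": "enter_invoice", "doc": "INV-1001"},
    {"user": "alice", "function": "approve_payment", "doc": "INV-1001"},
    {"user": "bob", "function": "enter_invoice", "doc": "INV-1002"},
    {"user": "carol", "function": "approve_payment", "doc": "INV-1002"},
    {"user": "bob", "function": "enter_invoice", "doc": "INV-1003"},
    {"user": "alice", "function": "approve_payment", "doc": "INV-1003"},
]

if __name__ == "__main__":
    for finding in batch_scan(SAMPLE_PROFILES, SAMPLE_EXCEPTIONS):
        print("potential:", finding)
    for hit in actual_violations(SAMPLE_TRANSACTIONS):
        print("actual:", hit)
```

The approved exception for alice still appears in the batch scan, and her use of both functions on INV-1001 is reported as an actual violation, which is the activity the slide says goes unmonitored today.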
27 Internal Control Examples: Transaction monitoring

Scenario A: Loan price is fair and uniform
Individual loan agents circumvent the company's loan processing system to approve loans and inflate the fees and interest rates charged.
Current practice:
- Loan price is calculated based on a set of business rules
- Manual intervention can override the calculated loan price
- Price overriding may not be detected, causing a control failure
Value of monitoring:
- Calculated loan price is recalculated by the monitoring solution
- Significant deviation from the precalculated loan price is detected and reported
- Preventive or corrective measures could be initiated

Scenario B: Duplicate payments are not made
Error in the invoice processing system may lead to duplicate payment to a supplier for the same invoice number or purchase order.
Current practice:
- Invoice is compared against entered purchase order and past invoices
- False entry of invoice in separate payment cycles may lead to duplicate payment
- Duplicate payments may go undetected, causing a control failure
Value of monitoring:
- Every invoice paid is compared against the list of past invoices
- If a duplicate payment was made due to an error or a fraud, the situation is detected and reported
- Preventive or corrective measures could be initiated
28 Internal Control Examples: Changes in control configurations

Scenario A: System-based three-way match
Failure of the system to enforce a match between the purchase order, receiver, and vouched invoice could lead to unauthorized payments.
Current practice:
- The system only allows payments when a match is made between the purchase order, the receiving records, and the vendor invoice
- Changes to the parameters and match criteria are not monitored or reviewed
Value of monitoring:
- The matching configuration file is monitored for any changes
- Any change is reported and reviewed for appropriateness
- The documentation of changes/lack of changes is retained

Scenario B: Infrastructure-level security settings
Unapproved changes to system security configurations allow for inappropriate access.
Current practice:
- The extensive installation of Unix servers individually maintain password integrity options, such as expiration, reuse, and minimum length
- Changes to the password parameters are not monitored or reviewed
Value of monitoring:
- The password configuration settings are monitored for any changes
- Any change is reported and reviewed for appropriateness
- The documentation of changes/lack of changes is retained
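Scenario B above, as an added Python example that is not part of the original presentation: each server's password settings are compared with an approved baseline, and a record is produced on every run so that both changes and the lack of changes are documented. It assumes the settings live in a `login.defs`-style file and covers the expiration and minimum-length keys only; the host names, baseline values and sample file contents are constructed.

```python
import hashlib

# Password-aging and length keys as used in login.defs-style files.
MONITORED_KEYS = ("PASS_MAX_DAYS", "PASS_MIN_DAYS", "PASS_MIN_LEN", "PASS_WARN_AGE")

def parse_login_defs(text):
    """Extract the monitored settings; comments and commented-out lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in MONITORED_KEYS:
            settings[parts[0]] = parts[1].strip()
    return settings

def compare(baseline, current):
    """List every monitored setting whose effective value differs from the baseline.

    A setting that disappeared (for example, was commented out) is reported
    with observed=None, since the system then falls back to its default.
    """
    changes = []
    for key in MONITORED_KEYS:
        approved, observed = baseline.get(key), current.get(key)
        if approved != observed:
            changes.append({"setting": key, "approved": approved, "observed": observed})
    return changes

def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def monitor_host(host, baseline_text, current_text, checked_at):
    """Produce the retained evidence record for one host and one run."""
    changes = compare(parse_login_defs(baseline_text), parse_login_defs(current_text))
    return {
        "host": host,
        "checked_at": checked_at,
        "config_sha256": sha256(current_text),
        # True when the file bytes differ at all, including comment-only edits.
        "file_modified": sha256(current_text) != sha256(baseline_text),
        "status": "CHANGED" if changes else "NO_CHANGE",
        "changes": changes,
    }

# Constructed sample: the approved baseline and two observed files.
BASELINE = """# approved baseline (constructed sample)
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_MIN_LEN    12
PASS_WARN_AGE   7
"""
DRIFTED = """# edited on host (constructed sample)
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   1
#PASS_MIN_LEN    12
PASS_WARN_AGE   7
"""

def run_sample():
    """Evaluate two constructed hosts; every run yields a record to retain."""
    return [
        monitor_host("unix-app-01", BASELINE, BASELINE, "2014-09-01T02:00:00Z"),
        monitor_host("unix-db-02", BASELINE, DRIFTED, "2014-09-01T02:00:00Z"),
    ]

if __name__ == "__main__":
    for record in run_sample():
        print(record["host"], record["status"], record["changes"])
```

The unchanged host still produces a `NO_CHANGE` record with the file hash, which is the "lack of changes" evidence the slide calls for; password reuse settings would need a second parser for wherever they are configured.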
29 ERP Continuous Audit
30 GRC Solution
[Diagram: GRC solution layers, with their audiences and capabilities]
Audiences: Board of Directors, CEO, CFO; Business Manager; Process Owners; Application Manager; IT Manager

GRC Intelligence (Dashboards, Reports, Key Risk & Control Indicators):
- Visibility to enterprise GRC status
- Role-tailored analysis
- Flexible ad hoc reporting
- Data repository

GRC Manager (Process, Risks, Assessments, Issues, Procedures, Remediation, Policies):
- GRC system of record
- End-to-end GRC process management

GRC Controls (Access Controls, Configuration Controls, Preventive Controls, Transaction Controls; Applications, Alerts):
- Continuous monitoring of access, policies & controls
- Preventive and detective controls
- Controls risk monitoring

Infrastructure (Identity Mgmt, Data Security, Change Mgmt, Records Mgmt, Digit Rights):
- Information security
- Enterprise access provisioning
- IT configuration management
31 SAP's unified GRC approach
- SAP GRC risk management: Aggregated detection of risks and control monitoring
- Access Control: Secure SOD and compliant IDM/provisioning
- Process Control: Control monitoring for business process

GRC control differentiators:
- Automates and embeds GRC into core and mainstream business processes
- Standardizes on common GRC content, rules, and technology
- Helps tackle current pressing issues while providing a framework for emerging regulations
- Turns GRC into a strategic advantage driving competitive differentiation and higher level of business performance
32 Oracle Advanced Controls
Enforce business controls to ensure compliance and mitigate risk.
- Application Access Controls Governor (AACG)
- Transaction Controls Governor (TCG)
- Configuration Controls Governor (CCG)
- Preventive Controls Governor (PCG)
33 Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see for a more detailed description of DTTL and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte's more than 200,000 professionals are committed to becoming the standard of excellence.

About Deloitte Southeast Asia: Deloitte Southeast Asia Ltd, a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Guam, Indonesia, Malaysia, Philippines, Singapore, Thailand and Vietnam, was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing companies and enterprises. Comprising over 250 partners and 6,000 professionals in 23 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and deep industry knowledge to deliver consistent high quality services to companies in the region. All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities.

About Deloitte Thailand: In Thailand, services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and its subsidiaries and affiliates.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the "Deloitte network") is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. Deloitte Touche Tohmatsu Jaiyos Co., Ltd.
More informationUnlocking the power of SAP s governance, risk and compliance technology
Insights on governance, risk and compliance March 2013 Unlocking the power of SAP s governance, risk and compliance technology Contents Introduction... 1 Governance, risk and compliance defined... 2 Value
More informationAn Introduction to Continuous Controls Monitoring
An Introduction to Continuous Controls Monitoring Reduce compliance costs, strengthen the control environment and lessen the risk of unintentional errors and fraud Richard Hunt, Managing Director Marc
More informationbuilding a business case for governance, risk and compliance
building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building
More informationMaking Automated Accounts Payable a Reality
Making Automated Accounts Payable a Reality www.merkur.com (800) 637-1704 Table of Contents Introduction...3 Executive Summary...4 Challenges in Accounts Payable...5 What is the problem?...5 How big is
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationAn Enterprise Resource Planning Solution for Mill Products Companies
SAP Thought Leadership Paper Mill Products An Enterprise Resource Planning Solution for Mill Products Companies Driving Operational Excellence and Profitable Growth Table of Contents 4 What It Takes to
More informationIntegrating GRC with Performance Management Demands Enterprise Solutions
As published in the April n May n June 2008 issue of Integrating GRC with Performance Demands Enterprise Solutions by Lee Dittmar, Principal, Deloitte Consulting LLP and Peter Vogel, Senior Manager, Deloitte
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationReduce Audit Time Using Automation, By Example. Jay Gohil Senior Manager
Reduce Audit Time Using Automation, By Example Jay Gohil Senior Manager Today s Session Speaker Bio: Jay Gohil, Protiviti Jay is a Senior Manager in the ERP Services practice in Atlanta. In the past seven
More informationEnsure Effective Controls and Ongoing Compliance
SAP Solution in Detail SAP Solutions for Governance, Risk, and Compliance SAP Process Control Ensure Effective Controls and Ongoing Compliance Table of Contents 3 Quick Facts 4 Focus Resources on High-Impact
More informationInstitute of Internal Auditors (IIA) of Thailand Conference Internal Audit Technology at the Forefront
Institute of Internal Auditors (IIA) of Thailand Conference Internal Audit Technology at the Forefront Gary Tan Director Enterprise Risk Services 2 November 2015 Agenda 1 Introduction 2 Cybersecurity 3
More informationSAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance.
SAP Overview Brochure Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance. Table of Contents 3) Build trust to achieve business results Introduction 4-5) Gain clarity from greater
More informationRisk committee performance evaluation
Risk committee performance evaluation While there is currently not a legal or regulatory requirement for board risk committees to complete a performance evaluation, King III recommends regular performance
More informationForensic Audit Building a World Class Program
Forensic Audit Building a World Class Program PAUL E. ZIKMUND DIRECTOR GLOBAL INTEGRITY AND FORENSIC AUDIT 1 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL Why the Need for Forensic Audit Program In response
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More informationEnterprise Risk Management in Compliance 360
Enterprise Risk Management in Compliance 360 2 Enterprise Risk Management in Compliance 360 Effective risk management involves identifying and understanding the risks the organization is faced with, analyzing
More informationNCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation
NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation Market Offering: Package(s): Oracle Authors: Rick Olson, Luke Tay Date: January 13, 2012 Contents Executive summary
More informationSarbanes-Oxley Compliance for Cloud Applications
Sarbanes-Oxley Compliance for Cloud Applications What Is Sarbanes-Oxley? Sarbanes-Oxley Act (SOX) aims to protect investors and the general public from accounting errors and fraudulent practices. For this
More informationIntegrated Business Services (IBS) Next generation of high performance Shared Services. Deloitte Consulting GmbH February 2016
Integrated Business (IBS) Next generation of high performance Shared Deloitte Consulting GmbH February 2016 Go ?? Business leaders are recognizing the benefits of leveraging Shared and outsourcing consistently
More informationIT Governance: framework and case study. 22 September 2010
IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT
More informationApplication Control Effectiveness for SAP. December 2007
Application Control Effectiveness for SAP December 2007 Meeting Objectives Application Control Effectiveness Compliance at a glance Trends and challenges Technology issues Application Control Business
More informationFraud and Role of Information Technology. September 2008
Fraud and Role of Information Technology September 2008 Agenda IT Value Proposition Slide 2 Prior Interpretations of Internal Control Structure Have Addressed Three Separate Parts Which Were Audited Somewhat
More informationTypes of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down
Types of and Recent Cases Developing an Effective Anti-fraud Program from the Top Down 1 Types of and Recent Cases Chris Grippa (404-817-5945) FIDS Senior Manager with Ernst & Young LLP Works with clients
More informationCisco Intelligent Automation for SAP
Data Sheet Cisco Intelligent Automation for SAP Automation Packs for SAP Solutions Product Overview Cisco Intelligent Automation for SAP is the software platform on which to standardize, unify, and automate
More informationIndonesia Individual Income Tax Guide
Indonesia Individual Income Tax Guide Indonesia Individual Income Tax Guide 1 2 Contents Residency Rules 4 Tax Obligations 5 Worldwide Income 7 Individual Tax Rates 9 Personal Deductions 10 Tax Credits
More informationStrong Corporate Governance & Internal Controls: Internal Auditing in Higher Education
Strong Corporate Governance & Internal Controls: Internal Auditing in Higher Education Contents Introduction Internal Audit as Trusted Advisor & Business Partner Big Ticket Items: Fraud, Revenue Leakage
More informationStrategy Consulting Helping businesses win at strategy
Monitor Strategy Consulting Helping businesses win at strategy Strategy Consulting Helping businesses win at strategy 1 Corporate and business unit strategy A fundamental challenge every executive faces
More informationGet More Out of Your Risk Assessment. Austin Chapter of the IIA
Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis
More informationContinuous monitoring and continuous auditing From idea to implementation
Continuous monitoring and continuous auditing From idea to implementation Continuous Monitoring and Continuous Auditing: From Idea to Implementation Most financial and auditing executives are aware of
More informationOracle Financial Services Broker Compliance
Oracle Financial Services Broker Compliance Financial institutions with retail, wealth management, and private banking businesses recognize the direct relationship between rigorous compliance processes
More informationRISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide
RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation
More informationFinance Effectiveness Efficiency
Business Unit Finance Effectiveness Efficiency An overview Agenda Page 1 Efficiency - An overview 1 2 Our services 7 3 Case study 14 Section 1 Efficiency - An overview 1 Section 1 Efficiency - An overview
More informationFuture of Wealth Management. March 2016
Future of Wealth Management March 2016 Agenda Context Forces of change and implications 2016 Deloitte Consulting Pte Ltd 2 Context Current industry challenges Growth Imperatives Increasing regulatory /
More informationAn Oracle White Paper November 2011. Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime
An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.
More informationKofax White Paper. Overcoming Challenges in Accounts Payable Automation. Executive Summary. Benefits of Accounts Payable Automation
Kofax White Paper Overcoming Challenges in Accounts Payable Automation Executive Summary Accounts payable automation presents unique challenges. It is characterized by large volumes of data, arriving in
More informationUsing Technology to Automate Fraud Detection Within Key Business Process Areas
Using Technology to Automate Fraud Detection Within Key Business Process Areas 2013 ACFE Canadian Fraud Conference September 10, 2013 John Verver, CA, CISA, CMA Vice President, Strategy ACL Services Ltd
More informationModule 6 Essentials of Enterprise Architecture Tools
Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade
More information2/5/2013. Session Objectives. Higher Education Headlines. Getting Started with Data Analytics. Higher Education Headlines.
+ Getting Started with Data Analytics Prepared for the UCOP Auditor s Symposium January 30, 2013 and February 14, 2013 Session Objectives 2 Higher Education Headlines New IIA Guidance Visual Risk IQ s
More informationStakeholder Engagement
Stakeholder Engagement 1 Next Introduction An Integrated Report is a single report that the International Integrated Reporting Council (IIRC) anticipates will become an organisation s primary report. This
More informationContinuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd.
Continuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd. Call them the twin peaks of continuity continuous auditing and continuous monitoring. There are certainly similarities
More informationEnabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013
Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities
More informationMaster Data Management: More than a single view of the enterprise? Tony Fisher President and CEO
Master Data Management: More than a single view of the enterprise? Tony Fisher President and CEO Agenda Why MDM? Why CDI? Business Drivers for MDM Are You Ready for MDM? What is Master Data Management?
More informationContinuous Auditing / Continuous Monitoring
Continuous Auditing / Continuous Monitoring Using Technology to Drive Value by Managing Risk and Improving Performance KPMG LLP Introduction As business risks of all kinds continue to proliferate, management
More informationOptimize procure-to-pay processes for profitability, efficiency, and compliance
www.pwc.com/oracle PwC Oracle Practice September 2012 Optimize procure-to-pay processes for profitability, efficiency, and compliance Optimize procure-to-pay processes for profitability, efficiency, and
More informationPaisley Enterprise GRC Audit Profile. Linda Bergs
Paisley Enterprise GRC Audit Profile Linda Bergs Successful Implementation Champion Buy-in Budget Technology Who We Are Paisley is an independent software vendor providing innovative solutions for governance,
More informationLeveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com
Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive
More informationBalance Sheet Integrity The Utopian Close: Creating a low risk, highly effective financial close
Balance Sheet Integrity The Utopian Close: Creating a low risk, highly effective financial close Balance Sheet Integrity: The Utopian Close creating a low risk, highly effective financial close 1 Executive
More informationEnsuring Contract Compliance through integration of Ariba Contracts and SAP ECC Michael Chavez and Sean Rhoades, Deloitte Consulting LLP
Orange County Convention Center Orlando, Florida June 3-5, 2014 Ensuring Contract Compliance through integration of Ariba Contracts and SAP ECC Michael Chavez and Sean Rhoades, Deloitte Consulting LLP
More informationLGMA Qld Governance and Corporate Planning Village Forum
www.pwc.com.au Fraud Risk Management Fraud Risk Assessments LGMA Qld Governance and Corporate Planning Village Forum March 2015 Agenda Introductions Fraud Risk Management Fraud Statistics s Global Economic
More informationAccounts Payable Outsourcing
Accounts Payable Outsourcing OVERVIEW- ACCOUNTS PAYABLE PROCESSING The findings of a recent accounts payable study highlights the common errors and issues faced by the accounts payable department. They
More informationIntegrating Data Analytics into Internal Audit
Integrating Data Analytics into Internal Audit IIA Beach Cities Meeting May 19, 2011 Agenda Introductions Background Industry Perspective Benefits of Challenges in Examples / Case Studies Tools Of The
More informationIPT 2015 Sales & Use Tax Symposium Indian Wells, CA. Tax Accrual Data Analytics Dashboards to Minimize Risk
IPT 2015 Sales & Use Tax Symposium Indian Wells, CA Tax Accrual Data Analytics Dashboards to Minimize Risk Presenters Holly Hamby Weatherford IT Director Tax Holly.Hamby@weatherford.com Les Jackson Deloitte
More informationTHE NEXT GENERATION OF HR SHARED SERVICES SUBHEADLINE RUNS HERE AND HERE AND HERE AND HERE
THE NEXT GENERATION OF HR SHARED SERVICES SUBHEADLINE RUNS HERE AND HERE AND HERE AND HERE SAP Executive Insight It s no secret that implementing HR shared services can help organizations generate significant
More informationHR Function Optimization
HR Function Optimization People & Change Advisory Services kpmg.com/in Unlocking the value of human capital Human Resources function is now recognized as a strategic enabler, aimed at delivering sustainable
More informationCompliance and Ethics at the Federal Reserve Bank of New York
Compliance and Ethics at the Federal Reserve Bank of New York Operational Risk and Internal Audit Course Marina Adams, Compliance Officer and AVP David K. Clune, Compliance and Ethics Officer Kevin White,
More informationRisk Management in Role-based Applications Segregation of Duties in Oracle
Risk Management in Role-based Applications Segregation of Duties in Oracle Sundar Venkat, Senior Manager, Protiviti Tai Tam, Accounting Manager, Electronic Arts Core Competencies C23 Page 0 of 29 Agenda
More informationSegregation of Duties
Segregation of Duties Scott Mitchell, Senior Manager (503) 478-2193 John Earl, Manager (503) 478-2188 January 5, 2010 Our Objectives Clarify the role of Segregation of Duties (SOD) Identify alternatives
More informationHow To Understand The Role Of An Internal Audit
Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1
More informationRisk-Based Assessment of User Access Controls and Segregation of Duties for Companies Running Oracle Applications
Risk-Based Assessment of User Access Controls and Segregation of Duties for Companies Running Oracle Applications Presented by: Jeffrey T. Hare, CPA CISA CIA Webinar Logistics Hide and unhide the Webinar
More informationKofax White Paper. Overcoming Challenges in AP Automation. Executive Summary. Benefits of Accounts Payable Automation
Kofax White Paper Executive Summary Accounts payable automation presents unique challenges. It is characterized by large volumes of data, arriving in different formats and media that must be securely received,
More informationDeloitte Forensic. Deloitte Forensic. Capability Statement
Deloitte Forensic Deloitte Forensic Capability Statement Deloitte named a Kennedy Vanguard Leader in Forensic Investigation Consulting, based on capabilities. Source: Kennedy Consulting Research & Advisory;
More informationContinuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006
Continuous Controls Monitoring ISACA, Houston Chapter August 17, 2006 Purpose of Discussion Understand impact of Continuous Controls Monitoring (CCM) on the Information Systems Audit community To perform
More informationThe Next Wave in Finance & Accounting Shared Services Establishing Centers of Expertise
The Next Wave in Finance & Accounting Shared Services Establishing Centers of Expertise The Next Wave of Finance & Accounting Shared Services INTRODUCTION As finance and accounting shared services operations
More informationCyber intelligence exchange in business environment : a battle for trust and data
Cyber intelligence exchange in business environment : a battle for trust and data Experiences of a cyber threat information exchange research project and the need for public private collaboration Building
More informationEND-TO-END BANKING SOLUTIONS
END-TO-END BANKING SOLUTIONS AND SERVICES PARTNERING WITH THAKRAL ONE BI AND ANALYTICS MOVING FROM BIG DATA TO REAL DATA Increased pressures from regulatory compliance, rapid global economic changes, and
More information