Using data analytics and continuous auditing for effective risk management

Similar documents
Leveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Data & Analytics in Internal Audit. January 13, 2015

Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Continuous Auditing / Continuous Monitoring

Data Analytics in Internal Audit. Elizabeth Dunkerley

Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012

Continuous Controls Monitoring. Virginia ISACA January Meeting 19 January 2010

PwC The Path Forward for Data Analysis and Continuous Auditing May 2011

Using Technology to Automate Fraud Detection Within Key Business Process Areas

LEVERAGE TECHNOLOGY TO EMPOWER INTERNAL AUDIT

IT Governance. What is it and how to audit it. 21 April 2009

RSA ARCHER AUDIT MANAGEMENT

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

White Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management

SUSTAINING COMPETITIVE DIFFERENTIATION

Capacity Management: Patient Throughput and Case Management Improvement. February 25, 2015

Creating a Business Intelligence Competency Center to Accelerate Healthcare Performance Improvement

QAD Business Intelligence

MKS Integrity & CMMI. July, 2007

The Role of the Board in Enterprise Risk Management

4th Annual ISACA Kettle Moraine Spring Symposium

Moving Forward with IT Governance and COBIT

GOVERNANCE, RISK AND COMPLIANCE. Internal Audit. Assessing Fraud Vulnerabilities. kpmg.com/in

VISA COMMERCIAL SOLUTIONS BEST PRACTICES SUMMARIES. Profit from the experience of best-in-class companies.

Explore the Possibilities

Continuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006

The 5 Questions You Need to Ask Before Selecting a Business Intelligence Vendor. Share With Us!

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

ElegantJ BI. White Paper. Operational Business Intelligence (BI)

Enterprise Risk Management & Information Technology

Cybersecurity The role of Internal Audit

Vital Risk Insights kpmg.com

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Corporate Performance Management (CPM) - An Introduction

Using Business Intelligence to Achieve Sustainable Performance

Auditing Application User Account Security and Identity Management with Data Analytics

Simplifying the audit through innovation

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

Business Intelligence Enabling Transparency across the Enterprise

CIIA South West Analytics in Internal Audit - Tackling Fraud

Big Data Industry Approaches to Operational Excellence

IBM Cognos 8 Controller Financial consolidation, reporting and analytics drive performance and compliance

The Financial Planning Analysis and Reporting System (FPARS) Project: Implementation Status Update

PRACTICAL BUSINESS INTELLIGENCE STRATEGIES:

KPMG s Financial Management Practice. kpmg.com

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

IDC MaturityScape Benchmark: Big Data and Analytics in Government. Adelaide O Brien Research Director IDC Government Insights June 20, 2014

KPMG Internal Audit: Top 10 considerations in 2015 for technology companies. kpmg.com

WHITE PAPER. Governance, Risk and Compliance (GRC) - IT perspective

Maximising internal audit value

Agenda 3/7/ ERM Symposium March 14 16, Continuous Controls Monitoring. I. Changes In Corporate Environment

KPMG Internal Audit: Top 10 key risks in 2016

Risk Considerations for Internal Audit

Role and Skill Descriptions. For An ITIL Implementation Project

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

Data Analytics Audit Considerations When Designing BSA/AML Audit Testing

Introduction to TTC s Enterprise Risk Management (ERM) Program. TTC Audit and Risk Management Committee

The Internal Audit Analytics Conundrum Finding your path through data

Module 2 IS Assurance Services

Keynote: How to Implement Corporate Performance Management (CPM), Pervasive BI & ROI: Hard & Soft

NEW YORK STATE-WIDE PAYROLL CONFERENCE. Presented to:

Trends In Data Quality And Business Process Alignment

RSA ARCHER OPERATIONAL RISK MANAGEMENT

Business Process Services: A Value-Based Approach to Process Improvement and Delivery

Manage and Control Access Risk and Assess Its Financial Impact

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

CRM Analytics - Techniques for Analysing Business Data

How IT Can Help Companies Make Better, Faster Decisions

Implementing a Data Governance Initiative

Metrics that Matter Security Risk Analytics

Balancing supplier risk versus reward. kpmg.com

Our Data Analytics Journey, Methodology, and More. September 15, 2015

Global Technology Audit Guide. Auditing IT Governance

Welcome to the Audit, Control & Security Stream. Sponsored by:

Trends and Drivers. Global Order Management and Master Data Management

Chapter 4. The IM/IT Portfolio Management Office

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Running the business of IT metrics that matter

BIG DATA KICK START. Troy Christensen December 2013

San Francisco Chapter. Jonathan Shipman, Ernst & Young David Morgan, Ernst & Young

Essentials to Building a Winning Business Case for Tax Technology

Transforming risk management into a competitive advantage kpmg.com

How to Leverage SRM for Supply Chain Resiliency. How to Leverage SRM for Supply Chain Resiliency

Internal audit value optimization for insurance organizations

Reduce Audit Time Using Automation, By Example. Jay Gohil Senior Manager

Tapping the benefits of business analytics and optimization

Addressing Disclosures in the Audit of Financial Statements

Transcription:

Using data analytics and continuous auditing for effective risk management April 2014 Irakis Kanavaris

Agenda Current trends Common terminology of Data Analytics and CA/CM KPMG approach & observations How KPMG can help 1

Current trends Technology, data analytics and continuous auditing Convergence of Business Intelligence; IT-Governance, Risk & Compliance; and CA/CM tools and techniques. Increased interest in CA/CM techniques by financial services, healthcare/life sciences, and public sector due to expanding regulations. Enhancing risk assessment activities with quantitative information. Internal audit focus on building repeatable and sustainable analysis for meaningful reporting; not long lists of anomalies (using data analytics ETL) Trend toward leveraging BI tools: As part of monitoring of KPIs/KRIs; For continuous risk assessment for audit planning purposes; For profiling of populations to focus transaction analysis and testing. 2

Common terminology Definitions and characteristics of CA/CM & DA Activity Definition Characteristics Continuous Auditing (CA) Collection of audit evidence and indicators by an auditor on information technology (IT) systems, processes, transactions, and controls on a frequent or continuous basis, throughout a given period. Third Line of Defense (i.e. assurance providers) Wide variety of organizational Data Not intended to become part of the internal control environment Process can also be used for Continuous Risk Assessment for dynamic audit planning purposes Continuous Monitoring (CM) Data Analytics Feedback mechanism (monitoring method) used by management to ensure that controls operate as designed and transactions process as prescribed. A process by which insights are extracted from operational, financial and other forms of electronic data internal or external to the organization. First and second lines of defense (i.e. business owners and standard setters respectively) Dynamic reporting with actionable output Responsibility of management Important component of the internal control structure Can provide automated controls and processes These insights can be: historical, real-time or predictive and can also be risk-focused (e.g., controls effectiveness, fraud, waste, abuse, policy/regulatory non- compliance) or performance- focused (e.g., increased sales, decreased costs, improved profitability, etc.) and frequently provide the how? and why? answers to the initial what? questions often found in the information initially extracted from the data. Definitions taken from KPMG LLP s Continuous Auditing and Continuous Monitoring: Transforming Internal Audit and Management Monitoring to Create Value, 2008 3

Control effectiveness Control effectiveness Common terminology A change from the Conventional audit approach The potential benefits of a continuous audit can be illustrated by comparing it to conventional audit methods: Impact on controls : Conventional Audit 90 80 70 60 50 40 30 20 10 - AUDIT AUDIT 1 2 3 4 5 6 7 8 9 10 11 12 Expectation Actual Trend Cyclical-based auditions, manual identification of control objectives Control effectiveness can improve after audit visits (when recommendations for improvements are performed) Sampling small percentage of population to measure control effectiveness and operational performance Time consuming data gathering may occur Impact on controls : Continuous Audit 90 80 70 60 50 40 30 20 10 - AUDIT 1 2 3 4 5 6 7 8 9 10 11 12 Expectation Actual Trend Testing is frequent and focused-controls and transactions are audited as they happen Control failures are detected immediately-effectiveness of controls is maintained and monitored Improved alignment with the businesses Conventional audits can be planned using improved data quality With data analytics, organizations have the ability to review every transaction-not just a sampling-which enables a more efficient analysis on a greater scale 4

KPMG approach Implementation Model Understanding the organization s risk profile is fundamental to implement CA/CM. By assessing the risks, we are able to prioritize and direct resources to those areas that are most important to the business. CA/CM is not only about technology. We also consider the role of people (e.g., CA/CM resources, skills and knowledge, executive support for CA/CM, etc.), and existing processes (e.g., CA/CM strategies, training processes, reporting processes, etc.). KPMG s CA/CM Implementation Model Supporting a CA/CM implementation is our industry and functional knowledge. We leverage our understanding of industry specific risks and control weaknesses, as well as our understanding of the systems and processes of the organization to achieve an effective and efficient implementation. 5

KPMG approach Continuous auditing/monitoring maturity evolution Ad hoc Integrated Analytics Repeatable & Sustainable Analytics Repetitive Analytics Continuous Auditing Continuous Monitoring Continuous Auditing of Continuous Monitoring Common applications of data analytics in an internal audit environment Less mature state More mature state Audit moves toward "repeatable and sustainable" or expanded scopes Audit leverages management's systems and tools to analyze data and to perform continuous risk assessment for dynamic audit planning purposes Internal Audit department serves as the pilot for continuous monitoring systems on behalf of management Tactical or burning platform issues drive also a CM initiative. Implementation of CM by management, frequently with the assistance of Internal Audit 6

KPMG approach Dimensions of continuous auditing and continuous monitoring 7

Manage Financial Resources Procurement Major Process Risk Rating Process Priority Rating Transportation Failure Product Failure Product feature mismatch with regulations Bribery and Corruption Failure to achieve gross margin Inefficient product capacity Poor system maintenance Lost or inaccurate order entered into system Loss of Major Vendor Due to Financial Difficulties Unethical Sourcing Poor of cost control KPMG approach Risk Assessment to verification of Risk Management 1. Continuous Risk Assessment 2. Dynamic Audit Planning Risks Sub Process Procurement Planning Vendor Selection Purchasing Receiving Vendor Performance Management Quality Assurance Perform planning and budgeting Perform revenue accounting Perform management reporting Manage fixed assets PLAN 4. Verification of Risk Management 3. Audit Execution CHECK DO 8

KPMG observations Implementation challenges General Establishing consensus on objectives and success criteria Measuring and demonstrating success Limited resources (technology and human know-how) Data Analytics Definition of exception; addressing false positives and false negatives Workflow around exception resolution; managing volumes of exceptions Data Availability and Quality Lack of access to data Variety of disparate information systems with different data formats Incomplete data sets, inconsistent data quality Change Management Managing impact of CA/DA processes on auditors and other business processes 9

How KPMG can help Implementation assistance Data analysis Strategic plan development Key stakeholder identification Success criteria and measurements definition Tool evaluation and selection Fraud risk management Dashboards Reports and alerts 1 3 5 7 2 Business case development 4 Risk assessments & data analytics 6 Implementation plans Project management oversight 8 Co-sourcing Out-sourced services Change management 10

How KPMG can help Implementation assistance Develop a Strategic Plan Define the objectives you are trying to achieve Leverage CA to Enhance the Audit Planning Risk Assessment Process Increase Efficiency and Effectiveness in the Audit Process (e.g. use CA to focus on traditional areas of risk (e.g., Journal Entries; Order-to-Cash; P2P; Payroll; etc.) Identify key stakeholders and define the success criteria and related measurements Consider stakeholder needs for business performance and risks Agree on measures to define continuous auditing success (e.g. Quantitative factors like hours, number of audits and qualitative factors like enhanced governance and auditee satisfaction) Build an effective business case Identify risks not adequately covered Align with business objectives for initial wins and momentum Potential of continuous auditing and monitoring for the business 11

How KPMG can help Implementation assistance Develop Tactical Plans Design governance and reporting structure for continuous auditing activities Define owners and responsibilities for internal audit, IT and business Establish communication plans and schedules Determine Audit Committee reporting, as appropriate Evaluate data analytic skills and competencies Compare existing skills with necessary skills Evaluate short-term and long-term required skills Integrate data analysis into IA methodology and processes Consider opportunities to replace traditional procedures Assess the impact of changes on audit delivery and personnel Evaluate and select technology tools Identify and evaluate tools that will meet department requirements Assist with understanding pricing and licensing scenarios 12

How KPMG can help Implementation assistance Design and Execute Implementation Plans Manage organizational change (internal to Internal Audit and business-facing change Design and deliver trainings Indentify focus areas for implementation of CA to satisfy strategic objectives Design and establish data connection/ extract, analysis, and reporting mechanisms including risk and performance-based analytics, dashboards, scorecards, reports and alerts, etc. Evaluation of Existing Continuous Auditing Processes 13

How KPMG can help Technology tools KPMG s technology tools and services - F2V - K-Proctor - K-Dat - K-SoD Commercial Products 14

Closing remarks

Using DA & CA/CM for effective risk management KPMG s CA/CM implementation model A holistic approach 16

Thank you Iraklis Kanavaris, Supervising Senior Advisor Risk Advisory Services, IT Advisory Tel. +30 210 60 62 218 ikanavaris@kpmg.gr

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information