THE ABC S OF DATA ANALYTICS

THE ABC S OF DATA ANALYTICS ANGEL BUTLER MAY 23, 2013 HOUSTON AREA SCHOOL DISTRICT INTERNAL AUDITORS (HASDIA)

AGENDA Data Analytics Overview Data Analytics Examples Compliance Purchasing and Accounts Payable Grades and Registration Payroll Information Technology Academics Tuition Continuous Monitoring Questions? 2

DATA ANALYTICS OVERVIEW 3

WHY DO YOU NEED DATA ANALYTICS? Do you find yourself burning the midnight oil at your desk, just trying to get coverage of key risk areas? 4 Are areas that you need to review piling up?

WHAT ARE DATA ANALYTICS? Data analytics can best be described as examining raw data for the purpose of formulating an opinion about the data and drawing conclusions based upon the results. Used in all industries if you have data, you can perform data analytics. Gives auditors and management the tools they need to make better decisionsand maximize resources 5

WHAT IS DATA ANALYTICS? Data Analytics are First used to identify patterns and establish hidden relationships. Then focuses on what is already known by the researcher while preexisting conclusions are proven true or false. Data analysis is used to determine whether the organization is operating in line with its overall goals and objectives. 6

WHAT IS DATA ANALYTICS? Do all of your systems talk to each other? Data analytics helps you compare data from multiple systems. 7

DATA ANALYTICS EXAMPLES 8

EXAMPLE: COMPLIANCE 9

COMPLIANCE Monitor the retention of various records and documents to ensure compliance with Federal, State, and/or local regulations. Extract transactions by funding code, fiscal year, and obligation control level, and compare to encumbrances. Analyze rates and license fees on licenses to determine bylaw compliance. Match vendor address file with employee address file to ensure compliance with vendor restrictions. Extract purchase orders below dollar amount requiring compliance with sealed bids. Extract transactions of assets funded by grants to ensure compliance with grant requirements. 10

COMPLIANCE (CONT.) Sort contracts database by contract or cost types to test compliance with government contract terms. Identify invalid cost transfers. Identify high-risk transactions (e.g. high dollar equipment, subcontracts, etc.). Identify individuals (scholarship recipients, athletes, etc.) not meeting minimum academic requirements. Analyze grading patterns which may indicate preferential treatment for specific students. 11

COMPLIANCE What compliance risks does your institution face? 12

EXAMPLE: PURCHASING AND ACCOUNTS PAYABLE 13

PURCHASING AND ACCOUNTS PAYABLE Reconcile order received to purchase order to identify shipments not ordered. Extract pricing and receipt quantity variations by vendor and purchase order. Track scheduled receipt dates versus actual receipt dates. Compare vendor performance by summarizing item delivery and quality. Compare accrued payable to received items to reconcile to general ledger. Identify duplicate invoice numbers. Identify duplicate payments (e.g., same amounts, common dates, etc.). 14

PURCHASING AND ACCOUNTS PAYABLE (CONT.) Identify unreleased encumbrances to clear excess funds. Review sequential invoice numbers for evidence of invoice splitting or sole customer. Find invoices without purchase orders. Look for distributions to suppliers not in suppliers master file. Compare recurring monthly expenses to paid invoices. Identify invoices posted with duplicate purchase order numbers. Calculate cash requirements by bank, period, product, vendor, etc. Look for lost discounts not taken. 15

EXAMPLE: GRADES AND REGISTRATION 16

GRADES AND REGISTRATION Identify admitted students with grades or test scores that do not meet entrance requirements. Identify excessive course loads (by faculty or students). Identify frequent or unusual grade changes. Calculate the number of days past tuition due date for course withdrawals with non-payment (as applicable). 17

EXAMPLE: PAYROLL 18

PAYROLL Identify incompatible or deactivated social security numbers Analyze for excessive hours/overtime. Analyze salary rates against approved rates. Identify duplicate names and social security numbers. Identify employees with no benefit payments. Extract multiple paychecks to same bank account. Identify excessive overtime in a department or by employee. Look for changes in key payroll data, such as gross pay, hourly rates, salary amounts, exemptions, etc. 19

PAYROLL (CONT.) Identify employees with increases greater than a specified percent. List employees with no vacation or no more than two consecutive days vacation in the last two years. 20

EXAMPLE: INFORMATION TECHNOLOGY 21

INFORMATION TECHNOLOGY Compare authentication/authorization files to employee files to verify that terminated employees have been removed from the system. Identify inactive user accounts (no activity in a set period of time). Identify large numbers of invalid access errors or log on attempts by users. Review access granted to temporary employees and students. Identify system access to key IDs occurring at odd times or from suspicious locations. Review for segregation of duties issues. 22

EXAMPLE: TUITION 23

TUITION Compare refund check addresses to employee addresses or drop boxes. Compare refund payments to refund policy. Identify refunds made outside of established refund dates. Identify multiple refunds to the same payee and/or irregular refund amounts. 24

EXAMPLE: UNCOVERING FRAUD 25

UNCOVERING FRAUD Is your organization falling victim to fraud? 26

UNCOVERING FRAUD Data Analytics can be used to identify fraud across the organization. Perform red flag testing to identify potential fraudulent vendors; look for vendors with multiple hits on the following examples: Address match to employee or customer address Telephone number match to employee or customer number Multiple vendors at the same address Duplicate telephone number Area code inconsistent with address Duplicate payments across 100% of AP transactions Monitor AFE spending limits. Identify multiple purchases designed to circumvent Delegation of Authority limits. Analyze AR write offs/adjustments. 27

UNCOVERING FRAUD Data Analytics can be used to identify fraud across the organization. (cont.) Review for excessive overtime. Review time card data for anomalies. Paid Time Off not taken. Identify negative deductions. Identify excessive numbers of exemptions. Analyze hours worked compared to hours paid. Determine individuals with no benefits (potential ghost employees). Identify multiple checks in a pay period. Identify duplicate payments (name, social security number, address, etc.). Determine segregation of duties conflicts. Identify transactions made by persons with segregation of duties conflicts. 28

CONTINUOUS MONITORING 29

CONTINUOUS MONITORING What is Continuous Monitoring? Monitors 100% of transactions Automated testing across one or more systems on a predefined frequency Provides reporting on a customized series of queries designed around an organization s individual business rules 30

IMPLEMENTING CONTINUOUS MONITORING Understand your environment Step 1 Map your data between tables and systems Step 2 Confirm the integrity of data imports and joins Step 3 Tailor queries to match your environment Step 4 Identify and adjust for false positives Step 5 Determine frequency and distribution Step 6 Step 7 Respond to monitoring results 31

IMPLEMENTING CONTINUOUS MONITORING Step 1 Understand your environment Preliminary set up and planning is critical Consider the specific organization Control Environment/Tone at the top Process Controls People Establish objectives What are your goals? Start simple and go for the win 32

IMPLEMENTING CONTINUOUS MONITORING Step 2 Map your data between tables and systems Analyze the Data What systems are involved? How is the data stored? What is the relationship between the different types of data? What fields do I need? Is the information I am interested in captured? 33

IMPLEMENTING CONTINUOUS MONITORING Step 3 Confirm the integrity of data imports and joins Verify control totals Confirm the accuracy of date, formatting, etc. 34

IMPLEMENTING CONTINUOUS MONITORING Step 4 Tailor queries to match your environment Design queries -what is it you want to know? Comparing actual rates to contract rates Reviewing payroll data for excessive overtime hours booked Reviewing transactions to determine if multiple purchases are being used to skirt delegation thresholds Determine organizational specific thresholds for review: Delegation of authority limits Payroll rate increases Budget numbers Segregation of duties rules 35

IMPLEMENTING CONTINUOUS MONITORING Step 5 Identify and adjust for false positives What items are showing up as exceptions that are reasonable: Annual bonus payments New hires New vendors Discounts for timely payment of an invoice etc. 36

IMPLEMENTING CONTINUOUS MONITORING Step 6 Determine frequency and distribution What is the best frequency to run each query? Who should receive the results? What are the expectations on resolving exceptions? Who should monitor the process? 37

IMPLEMENTING CONTINUOUS MONITORING Step 7 Respond to monitoring results Clear reported exception Consider the potential for additional false positives Validate the existing queries and design/change as appropriate How has your risk changed? Consider other processes for inclusion in the continuous monitoring process 38

QUESTIONS? 39

THANK YOU! Angel Butler Senior Manager UHY Advisors TX, LLC abutler@uhy-us.com 713-561-6559 40

ABOUT UHY ADVISORS, INC. In July, 2000, six leading regional tax and business advisory firms, with tenures dating back to the mid- 1960s, merged to form a national professional services entity known today as UHY Advisors, Inc. They came together in the pursuit of a shared vision: to deliver the service of a local/regional firm and the services of a national firm to the dynamic middle market. UHY Advisors provides tax and business consulting services to a variety of sectors. UHY LLP, a licensed certified public accounting firm, provides audit and other attest services to public and private companies through an alternative practice structure. Across the board, our professionals are as optimistic, confident, and as capable as the leadership of the companies we serve. To this end, we endeavor to hire and train professionals empowered to meet these high standards. UHY ADVISORS 2929 Allen Parkway, 20 th Floor Houston, TX 77019-7100 Phone 7139601706 Fax 7135724681 Web www.uhy-us.com UHY Advisors, Inc. provides tax and business consulting services through wholly owned subsidiary entities that operate under the name of UHY Advisors. UHY Advisors, Inc. and its subsidiary entities are not licensed CPA firms. UHY LLP is a licensed independent CPA firm that performs attest services in an alternative practice structure with UHY Advisors, Inc. and its subsidiary entities. UHY Advisors, Inc. and UHY LLP are U.S. members of Urbach Hacker Young International Limited, a UK company, and form part of the international UHY network of legally independent accounting and consulting firms. UHY is the brand name for the UHY international network. Any services described herein are provided by UHY Advisors and/or UHY LLP (as the case may be) and not by UHY or any other member firm of UHY. Neither UHY nor any member of UHY has any liability for services provided by other members. 2013 UHY Advisors, Inc.. All rights reserved. 010913