www.pwc.com PwC The Path Forward for Data Analysis and Continuous Auditing May 2011

Similar documents
Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012

4th Annual ISACA Kettle Moraine Spring Symposium

Automating the Audit July 2010

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

Compliance & Internal Audit Collaboration

CIIA South West Analytics in Internal Audit - Tackling Fraud

Reduce Audit Time Using Automation, By Example. Jay Gohil Senior Manager

Understanding ERP Architectures, Security and Risk Brandon Sprankle PwC Partner March 2015

Leveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014

Explore the Possibilities

Finance Effectiveness Efficiency

Internal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

The Power of Risk, Compliance & Security Management in SAP S/4HANA

Shared Service Center Mehr als eine Standortbestimmung Tag der Beratung 7. Juni 2011

Business Intelligence for IT

Using data analytics and continuous auditing for effective risk management

New supervisory guidance on model Overview, analysis, and next steps

Using Technology to Automate Fraud Detection Within Key Business Process Areas

Oracle Financial Services Broker Compliance

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Continuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

AuditNet 2012 Survey Report on Data Analysis Audit Software

Continuous Controls Monitoring. Virginia ISACA January Meeting 19 January 2010

CONTINUOUS CONTROLS MONITORING

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

Data Analytics Leveraging Data Visualization and Automation in Audit Real World Examples

Business Intelligence in the real-world

UNCOVER WHAT S HIDDEN IN YOUR SAP ERP DATA TO HELP CUT COSTS AND RAISE COMPLIANCE

Turn Your Business Vision into Reality with Microsoft Dynamics SL

Data & Analytics in Internal Audit. January 13, 2015

Data analytics Delivering intelligence in the moment

Moving your enterprise systems to the cloud? What do you need to know to manage the risks? Jamie Levitt, Director

Continuous Monitoring: Match Your Business Needs with the Right Technique

San Francisco Chapter. Jonathan Shipman, Ernst & Young David Morgan, Ernst & Young

Effective Utilization of SAP ERP HCM as an Efficient & Cost Saving Tool in Business

ORACLE BUSINESS INTELLIGENCE APPLICATIONS FOR JD EDWARDS ENTERPRISEONE

Tax technology Megatrends and the impact on tax functions January 2014

SMART CRM Desk for Service Sector. Solution for Customer Relationship Mgmt (CRM) in Service Industry

Finding the Sweet Spot. Using analytics to combine Fraud and AML

RSA ARCHER OPERATIONAL RISK MANAGEMENT

Functional and technical specifications. Background

Complete Financial Crime and Compliance Management

Data Analytics in Internal Audit. Elizabeth Dunkerley

Strategic Supply Chain Management. Medical Device Supply Chain Council 1 October 2013

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Financial Systems Integration

Agenda 3/7/ ERM Symposium March 14 16, Continuous Controls Monitoring. I. Changes In Corporate Environment

Oracle Hyperion Financial Close Management

Dynamic Enterprise Performance Management

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Manage and Control Access Risk and Assess Its Financial Impact

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma

Minimize Access Risk and Prevent Fraud With SAP Access Control

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

At the Heart of Connected Manufacturing

Technology Risk Management Are you ready?

BUSINESS INTELLIGENCE

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll

ORACLE PLANNING AND BUDGETING CLOUD SERVICE

RSA ARCHER AUDIT MANAGEMENT

Executive Summary WHO SHOULD READ THIS PAPER?

Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance

Oracle Role Manager. An Oracle White Paper Updated June 2009

Building a Roadmap to Robust Identity and Access Management

IAIS Insurance Core Principle 16

Improving sales effectiveness in the quote-to-cash process

How To Improve Your Business

IT Governance. What is it and how to audit it. 21 April 2009

<risk> Enterprise Risk Management

ORACLE PROCUREMENT AND SPEND ANALYTICS

Moving Forward with IT Governance and COBIT

Data analytics and workforce strategies New insights for performance improvement and tax efficiency

NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation

Getting it Right: How to Find the Right BI Package for the Right Situation Norma Waugh. RMOUG Training Days February 15-17, 2011

Product Lifecycle Management in the Medical Device Industry. An Oracle White Paper Updated January 2008

Predictive analytics with System z

Independent process platform

Leveraging a Maturity Model to Achieve Proactive Compliance

Internal Audit of Human Resources (HR) People Costs and Business Risk -

Simplifying the audit through innovation

Internal audit value optimization for insurance organizations

Strategic Supply Chain Management The five disciplines for top performance. Food & Consumer Products of Canada Webinar Toronto, February 24, 2014

Harness the Power of Analytics Across Lines of Business with Speed and Ease

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

ORACLE HYPERION PUBLIC SECTOR PLANNING AND BUDGETING

QA Engagement Models. Managed / Integrated Test Center A Case Study

The Corporation of the City of London Quarterly Report on Internal Audit Results

Continuous Auditing / Continuous Monitoring

U-LINC : Workflow and Notifications Anytime and Anywhere for Microsoft Dynamics GP

Oracle Health Insurance Policy Administration. Oracle Health Insurance Claims Management

Great Expectations : How to Detect and Prevent Fraud using Data Analysis

Transcription:

www.pwc.com The Path Forward for Data Analysis and Continuous Auditing May 2011

Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best Practice Approach Getting the Right Data & the Right Resources Next Steps 2

Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best Practice Approach Getting the Right Data & the Right Resources Next Steps 3

Key Drivers for Change in the Internal Audit The needs of organizations for risk mitigation and assurance have changed dramatically Strategic risk is a key concern for Boards, yet the amount of information provided regarding strategic, value impacting opportunities and threats is often limited Executive Management is also focused on strategic, organizational and business risks Globalization, expansion and the heightened pace of change are increasing the complexity of risks Broader Risks: risks around financial controls and basic compliance are managed more effectively, while there are few robust techniques for overseeing broader risk Do More with Less: there are increasing pressures to reduce the cost of compliance 4

Year to Year Efficiency Priorities Increase use of technology Simplify reporting Identify audit process inefficiencies Utilize a more risk based approach Standardize audit procedures Reduce travel Reduce external training 14% 11% 46% 42% 34% 49% 29% 24% 23% 39% 31% 58% 69% 69% Plan to employ Have employed 5

Barriers to Effective Use of Technology Lack of skills and knowledge 55% 56% Lack of access 36% 43% Lack of methodology 40% 41% Other 45% 54% Data tools Organizational systems 6

Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best Practice Approach Getting the Right Data & the Right Resources Next Steps 7

Stakeholders Perspectives on the Future of Internal Audit Optimize Internal Audit processes and leverage technology to enhance insight and increase productivity. Significantly More Value 1. Realigning audit coverage 2. Improving process and leveraging technology Materially Less Cost Technology to execute audits - Data retrieval software to automate testing Increase audit coverage Focus on anomalies Continuous monitoring - Data mining/analysis software for predictive analysis and modeling Technology to improve the efficiency of the audit process - Automate issue tracking - Streamlined reporting - Knowledge management and leading practices - Storage and retrieval of work products 8

Internal Audit Process Framework As Is Process to utilize results for next year s Risk Assessment Utilize information from previous audits for current audits (ad-hoc data analysis not leveraged project to project). However, informal sharing of information within group. ANNUAL Risk Assessment Audit Plan Fieldwork Technology is being applied here (in audit management and data analysis), to speed up audit process Reporting Wrap-Up but the major limiting factors are in annual risk assessment and in reporting delays 9

Internal Audit Process Framework - Future A technology enabled approach to the internal audit framework allows for more timely identification of and response to risks. ONGOING Risk Assessment Monitor key risks Changes in KRIs indicating change in risk profile Audit Plan Monitor results to change frequency/ scope of planned audits PERIODIC Fieldwork Strategic Audit Reporting Report changes in trends to management Continuous Audit Program Execute Automated Script Exception Reporting Review Reports No Action 10 Needed

Continuous Auditing Maturity There is a broad spectrum of technology use in Continuous Auditing. Fully Optimized Technology enables full integration into internal audit workflow Business focused Ad Hoc Analytics Occasional, ad-hoc data analysis on certain audits Initial Stage Creation of data experts to develop routine data analysis techniques No process for incorporating into IA methodology IA focused Routinely Leverage Core technical competencies resident within the department Results used for updating risk assessment throughout the audit process Enhancing the use of technology can assist with improving the efficiency of the Continuous Auditing process. 11

Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best Practice Approach Getting the Right Data & the Right Resources Next Steps 12

Challenges Facing CAEs Chief Audit Executives (CAEs) are faced with several challenges where CA is concerned: Where do I start? What technologies do I need to consider? What are the best practices for leveraging data analysis in the internal audit? What pitfalls do I need to avoid? What are my competitors doing? Are there any benchmarks or other guidelines I can use to help direct my strategy? What does a successful CA pilot look like? 13

Benefits from Continuous Controls Monitoring (CCM) Continuous Controls Monitoring Risk Management Compliance-Office Process-Owner Internal Audit Effective detailed risk analyses in de-/central business units Reporting and evaluation of key data and ratios (e.g. integrated compliance risk) Continuous, complete and company-wide analyses of a company s fraud risks based on empirical data Enforcement of policies and standards Demonstration of developments/trends of newly implemented (compliance) initiatives Increase of process and data quality Internal compliance benchmarking Transparency with regard to attitude change towards compliance Optimization (automation) of the internal controls systems and its monitoring (incl. monitoring of potential violations/alerts and its remediation) Uncover additional process in-efficiencies (e.g. Human errors, unexploited contractual conditions) Reduction of (existing) process controls Optimisation of the risk based audit approach Establishment of the pre-requisites for a Continuous Audit (internal und external audit) Automation of testing Damage minimization through proactive prevention and detection (e.g. fraud) Preventative Detective 14

Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best Practice Approach Getting the Right Data & the Right Resources Next Steps 15

Where to Start? A Top Down Approach Pragmatic top down approach Concentration on key risks and link to key controls Identification of essential/top risk areas Top down approach to identify key controls: starting with management level / IT-/ automated controls and completion with process controls if the before mentioned controls don t offer adequate coverage. Top down Key risks Monitoring /IT/ Automated controls Process controls +... and continuous risk monitoring Continuous monitoring of the risk remediation progress Reporting: Alerts reporting and ageing (risk exposure); Recording of alerts remediation activities Organization: Responsibility and ownership, escalation process Compliance level: Trend analyses and monitoring of behavioral change 16

Top down s Risk Based Top Down Approach Key risks Monitoring /IT/ Automated controls Where do you start? To leverage data Process controls analytics and implement a CA / CCM solution successfully, you need to first determine where you want the analytics to be focused What are the higher risk areas in the enterprise? Within those areas, which risks do you want to focus on? Can we create high value analytics which will help address those risks? 17

Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best Practice Approach Getting the Right Data & the Right Resources Next Steps 18

Potential Technology Architecture Technology Considered MS SharePoint or Workflow Mgmt Tool MS Analytical & Reporting Services or Reporting Tool TBD based on vendor selection and requirements (e.g. ACL CCM, Oversight, MS SQL Server, etc.) Dashboard Reporting Risk Indicators / Control Parameters Description / Use Screens presented to users based on modules implemented and user roles. Behind the scenes formatting of reports and information to be presented through the dashboard. Analytical engine which is customized based on testing/auditing requirements. Audit Data Warehouse Leverage Internal Data Warehouse or MS SQL Server P-Card All Industries Procureto-pay Orderto-cash Capital & F.A. Financial Reporting HR & Payroll T & E Others Industry Specific Retail Store Others Modules are implemented in the warehouse based on data requirements associated with KRI s. MS Integration Services or client existing ETL Tool* Extractor / Mapping / Load Automated process to pull data from source systems and map into data warehouse. *Integration or ETL tool used will depend on the software used for the Audit Data Warehouse SAP Oracle JDE PSFT Other Leverage existing client infrastructure and source system. 19

CA / CCM Software Tools Tools should not drive CA / CCM decision-making and approach definition A suitable tool could be selected once requirements / processes are well-defined There are many acceptable tools on the market Most specialized tools require significant investment Less expensive general data analysis tools are already owned by companies (ACL, MS Access, MS SQL Server). While lacking some specialized features, these are widespread and could be effectively used in the initial phases 20

The Ideal CA / CCM Resource To effectively deliver results with a strong value proposition, the ideal resource to lead and build the data analysis and CA / CCM solution would have the following capabilities: Accounting Business processes Audit methodologies IT and manual controls knowledge Basic fraud knowledge across major business cycles ERP knowledge Data normalization skills Strong analytical skills Excellent organization & communication skills Programming knowledge 21

Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best Practice Approach Getting the Right Data & the Right Resources Next Steps 22

Where are you on the data analysis / CA maturity curve? There is a broad spectrum of technology use in Continuous Auditing. Fully Optimized Technology enables full integration into internal audit workflow Business focused Ad Hoc Analytics Occasional, ad-hoc data analysis on certain audits Initial Stage Creation of data experts to develop routine data analysis techniques No process for incorporating into IA methodology IA focused Routinely Leverage Core technical competencies resident within the department Results used for updating risk assessment throughout the audit process Enhancing the use of technology can assist with improving the efficiency of the Continuous Auditing process. 23

Further Discussion and Next Steps Contacts: Brent Papciak John Jay McKey brent.w.papciak@us.pwc.com john.jay.mckey@us.pwc.com 24

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. 2010 PricewaterhouseCoopers LLP All rights reserved. In this document, refers to [insert legal name of the firm] which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information