Getting Started with Continuous Auditing and Continuous Monitoring. Prepared for Raleigh-Durham IIA Chapter May 10, 2013

Similar documents
Big Data, Data Analytics, and Data Visualization building your knowledge and expertise. September 15, 2015

Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012

Using Technology to Automate Fraud Detection Within Key Business Process Areas

An Auditor s Guide to Data Analytics

Why is Internal Audit so Hard?

PwC The Path Forward for Data Analysis and Continuous Auditing May 2011

Automating the Audit July 2010

San Francisco Chapter. Jonathan Shipman, Ernst & Young David Morgan, Ernst & Young

Reduce Audit Time Using Automation, By Example. Jay Gohil Senior Manager

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

Our Data Analytics Journey, Methodology, and More. September 15, 2015

Qi Liu Rutgers Business School ISACA New York 2013

White Paper April 2006

Completing an Accounts Payable Audit With ACL (Aired on Feb 15)

Learn the Secrets Behind Turning Excel Analysis into Powerful, Trusted Report Analytics

Data Analytics Leveraging Data Visualization and Automation in Audit Real World Examples

Continuous Monitoring: Match Your Business Needs with the Right Technique

Internal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014

Chapter 4 Getting Started with Business Intelligence

SocrateBI. Functionality overview

How To Write An Impactful Audit Report

Integrating Data Analytics into Internal Audit

Leveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014

Information overload: How to make data analytics work for the internal audit function

Data Mining/Fraud Detection. April 28, 2014 Jonathan Meyer, CPA KPMG, LLP

Accounts Payable Fraud Services

Survey of more than 1,500 Auditors Concludes that Audit Professionals are Not Maximizing Use of Available Audit Technology

Finding the Sweet Spot. Using analytics to combine Fraud and AML

The Power of Risk, Compliance & Security Management in SAP S/4HANA

Auditing for Value in the Procure to Pay Cycle Dallas IIA Chapter. October 1, 2009

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

Agenda 3/7/ ERM Symposium March 14 16, Continuous Controls Monitoring. I. Changes In Corporate Environment

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Building a Data Quality Scorecard for Operational Data Governance

Data & Analytics in Internal Audit. January 13, 2015

Data Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution

Improve your Close Cycle Using Financial Close Manager

White Paper - Travel & Entertainment Spend Analytics Best Practices

BBBT Podcast Transcript

Lavastorm Resolution Center 2.2 Release Frequently Asked Questions

Intelligent Process Management & Process Visualization. TAProViz 2014 workshop. Presenter: Dafna Levy

Using Data Analytics to Detect Fraud

Intelligence Reporting Frequently Asked Questions

Technology s Role in Simplifying Salary & Incentive Compensation

Expert Systems in Fraud Detection: Expert Knowledge Elicitations in a Procurement Card Context

Accounts Payable Capture and Approval

Driving Operational and Financial Improvements using Balanced Scorecards and Key Performance Indicators

Microsoft Dynamics NAV

Welcome to Metafile. Solving document issues for over 30 years. Matt Akin x 301

CONTINUOUS AUDITING: A STRATEGIC APPROACH TO IMPLEMENTATION. A CaseWare IDEA Research Report

Data Analytics For the Restaurant Industry

NRP Training Series 2001 Financial Record Keeping

Defining, building, and making use cases work

Best Practices in Duplicate Invoice Detection

Internal Controls, Fraud Detection and ERP

Azure Machine Learning, SQL Data Mining and R

An Evaluation of No-Cost Business Intelligence Tools. Claire Walsh

Data analysis for Internal Audit

Module 2 IS Assurance Services

Fraud Workshop Finding the truth in the transactions

Business Intelligence & Product Analytics

Proactive Fraud Detection with Data Mining Fear not the computer You play ball with it and it will play ball with you

Monitor and Manage Your MicroStrategy BI Environment Using Enterprise Manager and Health Center

How to select the right Marketing Cloud Edition

Forensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009

Relational Databases for the Business Analyst

AuditNet 2012 Survey Report on Data Analysis Audit Software

Sage ERP MAS. Everything you want to know about Sage ERP MAS Intelligence. What is Sage ERP MAS Intelligence? benefits

Taking Data Analytics to the Next Level

The top ten reasons your organization needs Snow Optimizer for SAP Software. Snow optimizer for SAP software

SPEAKERS: Jeremy Fuchs VP of Financial and Reporting Systems, Lionsgate

Table of Contents. Data Analysis Then & Now 1. Changing of the Guard 2. New Generation 4. Core Data Analysis Tasks 6

Data Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution

This presentation is an introduction to the SQL Server Profiler tool.

XpoLog Center Suite Log Management & Analysis platform

New, changed, or deprecated features

Understanding Your Data and Best Practices in Data Analytics

ElmTree System Engineering Laboratory Management System

White Paper: FSA Data Audit

HOT TREND: ACCOUNTS PAYABLE AUTOMATION

Internal Audit Checklist

Myth or Fact: The Diminishing Marginal Returns of Variable Creation in Data Mining Solutions

VERSION NINE. Be A Better Auditor. You Have The Knowledge. We Have The Tools. PRODUCT PROFILE

Advanced Data Analytics, the Fraudsters Worst Enemy

U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S

Simplifying the audit through innovation. PwC Accounting Symposium August 7, PwC Audit Transformation 19

Benford s Law and Digital Frequency Analysis

Capacity Management PinkVERIFY

Predictive Analysis Risk Analysis

Transcription:

+ Getting Started with Continuous Auditing and Continuous Monitoring Prepared for Raleigh-Durham IIA Chapter May 10, 2013

Session Agenda 2 n Headlines - the Why behind Data Analysis and Continuous Auditing (CA) n IIA Guidance and Definitions (Global Technology Audit Guides #3, #13, #16) n Visual Risk IQ s QuickStart sm Methodology n Brainstorming Exercise: P-Card Audit Planning n State of the Art in Continuous Auditing and Continuous Monitoring n Q&A n Additional Resources

Headlines - who uses data analytics? 3 What do we want to be famous for?

Data Analysis definition(s) 4 n ACFE the practice of assessing bodies of data to identify potential indicators of fraud n IIA is the process of identifying, gathering, validating, analyzing, and interpreting various forms of data within an organization to further the purpose and mission of internal auditing n Wikipedia the process of inspecting, cleaning, transforming, and modeling data with the goal of highlighting useful information, conclusions, and supporting decision making n Thomas Davenport (Harvard professor and consultant) see following slide

Data Analysis definition(s) source: Thomas Davenport 5 Past Present Future Information What happened? What is happening now? What will happen? Data Analysis as reporting Data Analysis as alerts Data analysis as extrapolation Insight How and why did it happen? Data analysis as modeling / design What s the next best action? Data analysis as recommendation (value add) What s the best / worst that can happen? Data analysis as prediction / simulation

What & Why of Data Analytics Why are we here? 6 n An auditor s best (only?) friend the Sample n Increasing digital audit universe n Relatively unchanged audit approach n Post-SOX pressures on the Profession n Practical ways to do more with less Think about the Fraud Triangle Financial Pressure, even Rationalization are increasing What is the Audit Profession doing about Opportunity

Say what? 87

Review of IIA Guidance 12 8 n Continuous Auditing n Method used to perform audit-related activities on a continuous basis. Includes control and risk assessment n Activities performed by the Internal Audit function n Continuous Monitoring n Process to ensure policies / processes are operating effectively and to assess adequacy of controls n Performed by Operational / Financial Management; audit independently evaluates the n Continuous Assurance n Combination of Continuous Auditing and Audit Oversight of Continuous Monitoring Activities n CAATs (Computer Assisted Audit Techniques) n Using data analysis in executing audit programs

IIA GTAG #13 - Fraud Prevention and Detection in an Automated World 15 9 n Reiterates IIA Professional Standards n 2120.A2 The internal audit activity must evaluate the potential for the occurrence of fraud and the manner in which the organization manages fraud risk n The internal auditors must consider the probability of significant errors, fraud, non-compliance, and other exposures when developing the engagement objectives. n Advocates use of technology n Provides examples of fraud schemes and data analysis tests that are designed to identify each schemes. n No endorsement of a specific software product n Analysis tools for structured and unstructured data

IIA GTAG #16 Data Analysis Technologies 16 10 n Provides implementation guidance n Consider Key Performance Indicators and Metrics n Also consider mean, variance, and outliers n Patterns, including digital analysis / Benford s Law n Introduces Data Analysis Maturity Model n Methodology is plan, prepare, test, review n Barriers n Poorly defined scope n Data location and access n Data understanding and preparation n Manually maintained data Internal auditors who don't use data mining and analytics should get on their horse & buggy and go home @rfchambers

Continuous Auditing has been hot for years. But what is continuous? 18 11 Continuous auditing / continuous monitoring programs Today s continuous auditing frequency 90 68 45 23 0 Plan to implement Fully opera8onal 60 45 30 15 0 Quarterly Monthly Daily ** Source: PwC State of the Internal Auditing Profession Copyright PricewaterhouseCoopers LLP CA / CM become right time when the timing and frequency of evaluation matches business requirements. What frequency interval is right for revenue transactions? Supply chain?

QuickStart sm Methodology Brainstorming 27 12 Brainstorm Refine and Sustain Acquire and Map Data Brainstorm Review Audit Objectives Explore Internal Data Sources Compare vs External Data Sources Consider with other Audit Tests Analyze and Report Write Queries Kinds of Queries Metrics and Trending Queries (Top 10) Outlier Queries (Statistics Tables) Exception Queries (Needles in the Hay)

Data Analytics is the Connect between thoughtful Questions, and (Digital) Data 28 13 n What business or control questions would you like to answer? Why? n How would you identify the answer today? n Would knowing the answer in greater depth be useful? n What about knowing the answer more often (i.e. greater frequency) n Disparate data files, especially external ones, often hold the key. n Who is best for brainstorming?

QuickStart sm Methodology Acquire and Map Data 29 14 Brainstorm Refine and Sustain Analyze and Report Write Queries Acquire and Map Data Acquire and Map Data Identify specific sources Explore direct vs. flat file access Submit written data request, including control totals Tie out record counts and control totals Trace control totals back to ledger or other source systems

Brainstorming Exercise: P-Card Audit Planning 15 30 Assumptions: Data acquisition is easy and free. Any interesting, relevant data file, whether internal or external, can easily be made available on our audit department server (PC, USB Drive, etc.) Programming resources are plentiful. Most any query that the team brainstorms can be developed at a reasonable cost. There is sufficient time between planning and fieldwork, such that the queries can be developed, tested, and executed. So. Begin with audit objectives. What questions should we answer? Besides P-Card data, what else is useful to answer those questions? And what relevant queries would you want to write? Consider Metric, Outlier, and also Exception queries Any other thoughtful and logical ways to group the queries

Exercise #1: Cross-reference Business Questions to Data Sources 31 16 Query Card Holder Master Data Charge and/or Expense Data Employee Master Data Other Payment Data (Fleet, AP, etc.) Your Test #1 X X X Your Test #2 X X X Other Data Sources Your Test #3 X X X Your Test #4 X X X Your Test #5 X X X X X

Exercise Results: Cross-reference Questions to Data Sources in Excel 32 17

Data Acquisition Overcoming Barriers 33 18 n Find the Business Analyst how do they obtain data for their job? n Understanding Tables and Relationships n Data dictionary / local customizations n Requesting data from Information Technology Staff / Vendors n Fixed vs. Variable Length n Delimited Files n Quoted Text n Column Headers

QuickStart sm Methodology Write Queries 34 19 Brainstorm Refine and Sustain Analyze and Report Write Queries Acquire and Map Data Write Queries Virtual Fields Join Summarize Stratify Extract Filtering Criteria Trending many other command and techniques

Understanding and Planning for False Positives 35 20 Real Condition is True Type I Error (Incorrect Rejection) Real Condition is False Type II Error (False Positive) The Test Reports that the Condition is False The Test Reports that the Condition is True

Relative Size Factor Another Tool for Outlier Analysis 36 21 Largest to 2 nd Largest to Average $343,291.00 $ 3,432.91 $ 3,432.91 $ 3,432.91 $ 3,432.91 RSF=100 $34,329 $ 2,876 $ 1,725 $ 2,254 $ 1,929 $ 2,367 Avg=$2,230 RSF=15 Look for uniquely high RSF or RSF in multiples of 10 or 12. Did your organization pay the per dozen price for each unit?

Discussion: Split Limits Analyzing for Proper Approvals 37 22 So how do you feel about validating whether a receipt over (or under) a particular limit is in fact a valid business expense

QuickStart sm Methodology Analyze and Report 38 23 Brainstorm Refine and Sustain Acquire and Map Data Analyze and Report Consider Trends and Exception Queries Graphs and Tables Correlation analysis Pivot Tables Other Techniques Charts / color / directionality Analyze and Report Write Queries

Analyze and Report - Outlier Queries Mean and Standard Deviation 39 24 Z-Score

Benford s Law A Special Case for Mean and Standard Deviation 40 25 What do these spikes tell us?

Benford s Law continued Second Digit vs. First Two Digits 41 26

QuickStart sm Methodology Refine and Sustain 42 27 Brainstorm Refine and Sustain Acquire and Map Data Refine and Sustain After-Action Review Re-use Queries for Follow-up Tests Re-use Queries for Risk Assessment Transition Queries to Management Analyze and Report Write Queries

Refine and Sustain Examples 43 28 n After Action Review n Consider timing of key audit tasks n What should we do earlier? n What could we do later? n Who else should we involve? Why? Start Stop Continue

Case Study 1 Research University (Beginning to Intermediate) 29 44 n Where was here for them? n New software / no experience using it n Difficulties getting data from IT n Excellent analysis and reporting skills n Where was way point (an interim there ) for them? n Practical success using the new software n Methods and templates for broadening use of the software on their team n Repeatable methods and scripts for getting data from IT

Focus for QuickStart sm Research University 30 45 Brainstorm Refine and Sustain Acquire and Map Data Analyze and Report Write Queries

Case Study 2 Health Insurance / Payer (Intermediate to Advanced) 31 46 n Where was here for them? n No confidence in experience with business process targeted n No experts in ACL to which they have a license n No knowledge of their ERP or how to request data required n No knowledge of writing complex duplicate search queries n Excellent analysis and reporting skills (with SAS / SQL) n Where was way point (an interim there ) for them? n Practical success using SQL skills they had n Methods and templates for broadening use of SQL for other similar data analysis projects n Better understanding of their ERP and repeatable methods and scripts for getting data from IT

Focus for QuickStart sm Health Insurance / Payer 32 47 Brainstorm Refine and Sustain Acquire and Map Data Analyze and Report Write Queries

State of the Art in CA / CM What does it look like? 33 50 AP, HR, and/or GL Data Systems of Record Extract & Mapping Rules Knowledge Maintenance Console Common Data Models Risk and Performance Checks Workflow & Platform Configuration Contract or Project Data Extract, Map & Load Audit Database Reasoning & Analytics Engine Workflow Engine Watch List data The Platform Visual Reporting / User Interface Platform Data & Logs

Key Capabilities of Advanced CM / CCM Solutions n Non-invasive extraction from systems of record 3451 n Ability to define and easily map into common data models n Identify and track revisions to master data n Modern, easily configured data analytics engine n Interactive review, filtering, and assignment of exceptions n Dashboard with click- and drill-through to row-level exceptions n Query results can be configured to track exceptions AND activities / results of exception research

Coming Soon(er) or later? 352 n Visual reporting / trend analysis by anomaly count, type, severity n Drill through / drill around n Charts and tables, re-configurable with user defined thresholds n Linking of disparate, comparative external data sets n Purchasing n Time capture system n Relationships between order, dispense, administration, billing n Combining analysis of structured and unstructured data n Comparison of transaction exceptions with User ID, workstation ID, network / MAC address, and more

Wrap-up Thoughts 53 36 n Assess where your audit team is on the Maturity Curve. Where do you want to be? Find a small win opportunity and get started. n Begin with more frequent risk assessment. What questions should we ask each quarter to tell us whether our risk assessment is still on target? n Identify an audit where you can be data-driven in your analysis. What questions do you want to answer? How does management know? n Identify management reports that audit can use to validate financial or operational performance? Would accessing the data sources directly answer other questions? n Challenge your teams to be the R&D lab for innovation in continuous monitoring and data analysis

For Additional Information 54 37 Joe Oringel Managing Director Visual Risk IQ 704.353.7000 or 704.752.6403 Joe.Oringel@VisualRiskIQ.com Twitter @VisualRiskIQ

Additional Reading and Resources 38 55 https://na.theiia.org/standards-guidance/recommended-guidance/ practice-guides/ (For GTAG s #3, #13, and #16) Rutgers University Continuous Auditing and Reporting Lab (CAR-LAB) LinkedIn Groups: - Continuous Controls Monitoring - Various IDEA and ACL User Groups - Continuous Audit - IDEA Audit Software User s Group - Tableau Software Fans and Friends Authors: - Thomas Davenport (academic view of data analytics) - Malcolm Gladwell (layperson s view of data analytics) - Edward Tufte (visual reporting)

The Rutgers CAR-LAB Host of 27 Symposia, and counting 39 56

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information