Data Analytics Leveraging Data Visualization and Automation in Audit Real World Examples June 3, 2015 Cliff Stephens, CISA
Agenda Introductions Technological Advances in Analytics Capitalizing on Analytics How to Approach and Where to Start Real-World Examples
3
4
We are Sunera Technology is at the core of everything we do. From cutting-edge data analytics to sophisticated vulnerability assessments, our clients know we bring the industry s top professionals to their internal audit, IT, and compliance challenges. Our sole focus is the customer. Our services protect your business from inefficiency and external threats, resulting in cost savings and the confidence that your business, customers, and reputation are secure. Quality matters, and we built our reputation on it. That s why we only hire full-time employees with the best industry certifications. Continuity is the key to all of our engagements. More than 96% of our employees say there are clear opportunities for them to advance at Sunera. Our customers are happy because our employees are loyal and committed to their work. 5
Offices and Credentials More than 220 consulting professionals Served more than 1,000 clients Completed more than 3,500 engagements Founded by former Big-4 risk partners and professionals Highly credentialed professionals, including ACDA, CISSP, CIPP, CISM, CBCP, CMA & PMP Certified integration partner for leading continuous controls monitoring solutions, including ACL and Arbutus 6
Data Analytics Program Development Methodology 7
Data Analytics Lifecycle Reactive Predictive Manual Testing Ad-Hoc Analytics Managed Analytics Continuous Auditing Continuous Monitoring Ownership Shifts to Business 8
Efficiency From Automation and Visualization Typical State Q1 Q2 Q3 Q4 + - Easier to set up initially - Typically run on an ad-hoc or Managed basis More time consuming Playing catch up with old exceptions 9
Efficiency From Automation and Visualization Ideal State Year-round 10
Data Analytics Tools Reactive Predictive Manual Testing Ad-Hoc Analytics Managed Analytics Continuous Auditing Continuous Monitoring Desktop Server 11
Common CCM Tools There are a wide variety of tools that specialize in or offer the ability to develop analytics, including: Core Data Source Example Internal Audit Analytics Architecture Extract & Aggregate Data Visualization / Distribution 12 12
Analytics Architecture 13
Analytics Opportunities Reports / Summaries / Process Improvement: Summarizes the data for planning, reconciliation or sample selection. Examples: Vendor Spend, Accounts Payable by Business Unit. Control Based: Clearly defined objectives that are more fact-based / black & white than the fraud & error based testing. Examples: User Access, Employee Terminated in HR but Active in SAP, Authorization Limits Fraud / Error Based: Use fuzzy matching and advanced logic to identify potential fraud or errors or identify potential cash recoveries. Examples: Duplicate Payments, Duplicate Expense Claims, T&E Predictive / Forecasting: Uses advanced algorithms to use inputs provided by the user to predict future events. Accounts for changes in weather and other special events that may have skewed comparative period results. Examples: Sales Trends 14
Integration into Audit Process Review Audit Programs - Anywhere there is a data element, there is potential for integration Meet with Business Process Owners - What are they interested in Focus on Low Hanging Fruit - Time Cumbersome Audit Testing Steps - Things that could not be done otherwise Leavers / Terminations Testing for ALL users. - Recovery Opportunities Duplicate Payments 15
Sample Integration Approach 1. Internal Discussion to Identify Data Analytic Integration Points Review Annual Audit Plan Review Individual Audit Programs Review Sunera Test Bank for Standard Analytics 2. Identify & Obtain Data Sets Understand Data Sources Validate / Reconcile Obtained Data 3. Perform Exploratory Analytics (Pre-Audit) Basic analytic steps to determine feasibility & benefit 4. Analytic Development Prepare value-add analytics for live audit 16
T&E Continuous Monitoring Data Analytics Example 1 Employee T&E is risk rated based on various factors such as: Excessive spend in an expense category Weekend expenses Top right quadrant marks associate with high risk and high # of policy exceptions Tableau dashboard enables immediate insight and drill-down capability 2 Expense reports for high risk associate Further drill down required 17
T&E Continuous Monitoring Data Analytics Example 3 Drill into the expense reports to see details Detailed view highlights that the employee submitted duplicate reports 18
Audit Findings Tracker Data Analytics Example 1 Interactive executive-level reporting for audit findings Tableau story drives the user to desired result 2 Interactive filters and views drill into owners Clicking on graphs will take user to detailed actions Unsatisfactory With Exception 19
Audit Findings Tracker Data Analytics Example 3 Easily isolate and export details of specific findings 20
HR Reporting Data Analytics Example 1 Details Automated SQL Server back ends jobs to extract and manipulate HR tables SSRS report pulls directly from SQL Server Key Benefits Extract scrubbed HR data by user ID or name Beneficial for user-access reviews and SOD projects Reduces the number of IA associates with access to HR data Expedites process of providing HR reports from three days to a couple of minutes 21
Fraud Scenario Monitoring Data Analytics Example Potentially Fraudulent Returns By Location By Customer ID By Employee 22
Text Mining Using R Data Analytics Example Unstructured Data - Social Media Data - Customer Comments / Employee Free Text - Survey Responses - Employee Chats - Web Crawling 23