www.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012

Similar documents
PwC The Path Forward for Data Analysis and Continuous Auditing May 2011

Leveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014

Continuous Controls Monitoring. Virginia ISACA January Meeting 19 January 2010

Using data analytics and continuous auditing for effective risk management

Data Analytics in Internal Audit. Elizabeth Dunkerley

Data & Analytics in Internal Audit. January 13, 2015

Reduce Audit Time Using Automation, By Example. Jay Gohil Senior Manager

Business Intelligence and Healthcare

Metrics by design A practical approach to measuring internal audit performance

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

San Francisco Chapter. Jonathan Shipman, Ernst & Young David Morgan, Ernst & Young

Advancing to Performance Management Solutions

Business Intelligence in the real-world

Self-Service Data Assurance for BI and Analytics

@DanSSenter. Business Intelligence Centre of Excellence Manager. +44 (0) dansenter.co.

Explore the Possibilities

Integrating Data Analytics into Internal Audit

Business Intelligence. Advanced visualization. Reporting & dashboards. Mobile BI. Packaged BI

Continuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006

The Internal Audit Analytics Conundrum Finding your path through data

Data Analytics Leveraging Data Visualization and Automation in Audit Real World Examples

HROUG. The future of Business Intelligence & Enterprise Performance Management. Rovinj October 18, 2007

Business Intelligence Project Management 101

Agenda 3/7/ ERM Symposium March 14 16, Continuous Controls Monitoring. I. Changes In Corporate Environment

CONTINUOUS CONTROLS MONITORING

Planning an ERP Implementation Small and Medium Enterprises

Project Management Office Best Practices

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Oracle Daily Business Intelligence. PDF created with pdffactory trial version

CIIA South West Analytics in Internal Audit - Tackling Fraud

Welcome to online seminar on. Oracle Agile PLM BI. Presented by: Rapidflow Apps Inc. January, 2011

JDE Data Warehousing and BI/Reporting with Microsoft PowerPivot at Clif Bar & Company Session ID#:

Analytics Industry Trends Survey. Research conducted and written by:

Auditing Application User Account Security and Identity Management with Data Analytics

Third Party Risk Management 12 April 2012

Business Intelligence Applications

TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR

Using CAATs for Risk Reduction and Project Efficiencies

4th Annual ISACA Kettle Moraine Spring Symposium

Continuous Monitoring: Match Your Business Needs with the Right Technique

Information Governance Workshop. David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO

BI STRATEGY FRAMEWORK

Simplifying the audit through innovation

Building for the Future

Session 0905 ASUG SBOUC Align your Business and IT with a Solid BI Strategy. Deepa Sankar Pat Saporito

Presented By: Leah R. Smith, PMP. Ju ly, 2 011

Introduction to BPM. Dr. Setrag Khoshafian. Chief Evangelist & VP of BPM Technology

See below for data warehouse examples in New York State:

Bid/Proposal No. P15/9888 Business Intelligence Management

Moving Forward with IT Governance and COBIT

Using SAP Master Data Technologies to Enable Key Business Capabilities in Johnson & Johnson Consumer

Data Integration Alternatives & Best Practices

Oracle BI Application: Demonstrating the Functionality & Ease of use. Geoffrey Francis Naailah Gora

Continuous Auditing / Continuous Monitoring

Innovation. Simplifying BI. On-Demand. Mobility. Quality. Innovative

Building for the future

Business Intelligence for IT

Getting it Right: How to Find the Right BI Package for the Right Situation Norma Waugh. RMOUG Training Days February 15-17, 2011

A Marketing & Sales Dashboard Implementation Lessons Learned & Results

Before getting started, we need to make sure we. Business Intelligence Project Management 101: Managing BI Projects Within the PMI Process Group

Building a Culture of Quality in Food and Beverage Manufacturing. The Role of Integrated Business Systems in a Volatile Regulatory Environment

IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE. Copyright 2012, SAS Institute Inc. All rights reserved.

Driving business performance Using data analytics

HR Technology Strategies that Work in Healthcare. Background

Corporate Tax Management

Data Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution

KMS Implementation Roadmap

Meet AkzoNobel Leading market positions delivering leading performance

Your Technology Partner Offshore and Onsite. Services Portfolio

Our Data Analytics Journey, Methodology, and More. September 15, 2015

TAKE COST CONTROL AND COMPLIANCE TO A NEW LEVEL. with ACL Travel & Entertainment Expense Fraud and Cost Control Solution

Position Number. Reports to Manager, Solutions Development Functional Auth HRM Auth Region Sydney Date Date Function ITSC Signature Signature

Armanino McKenna LLP Welcomes You To Today s Webinar:

Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance

QA Engagement Models. Managed / Integrated Test Center A Case Study

next-gen AWS Analytics Platform at half the cost BI TRANSFORMATION CASE STUDY I give a huge amount of credit to Insight Consulting

Data Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution

FINANCIAL REPORTING WITH BUSINESS ANALYTICS

Tax technology Megatrends and the impact on tax functions January 2014

The Business in Business Intelligence. Bryan Eargle Database Development and Administration IT Services Division

Real Property Portfolio Optimization

Qlik UKI Consulting Services Catalogue

Overview, Goals, & Introductions

G-Cloud Service Definition. Atos Accredited Oracle Business Intelligence Solutions SCS

Tableau Visual Intelligence Platform Rapid Fire Analytics for Everyone Everywhere

Your presenters. Brian McIlravey, CPP Executive Vice-President Former CEO PPM Brian Link VP, GRC Strategy Former E&Y Partner

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Transcription:

www.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012

Agenda 1. Introductions to DA, CA & CM [] 2. Inventory management continuous monitoring [The Gap] 3. Development of a CA/CM solution [] 4. Panel discussion / Q&A [All] 2

Leveraging data & technology to benefit internal audit Optimize Internal Audit processes by leveraging data and technology Significantly More Value 1. Realigning audit coverage 2. Improving process and leveraging technology Materially Less Cost Technology to execute audits more effectively and efficiently: - Automate testing: Issue tracking Reporting - Greater Coverage: Risk Area Identification Exception Drill-down Population validation - Agility: Address unforeseen issues Re-do after remediation - Continuous: Regular & irregular cycles 3

Internal audit process framework Current Process to utilize results for next year s Risk Assessment Utilize information from previous audits for current audits (ad-hoc data analysis not leveraged project to project). However, informal sharing of information with group. ANNUAL Risk Assessment Fieldwork Audit Plan Technology is being applied here (in audit management and data analysis),to speed up audit process. Reporting Wrap-UP but the major limiting factors are in annual risk assessment and in reporting delays 4

Internal audit process framework Future A technology enabled approach to the internal audit framework allows for more timely identification of and response to risks. Technology enabled approach ONGOING Risk Assessment Monitor key risks Changes in KRIs indicating change in risk profile Audit Plan Monitor results to change frequency/ scope of planned audits PERIODIC Fieldwork Strategic Audit Reporting Report changes in trends to management Continuous Audit Program Execute Automated Script Exception Reporting Review Reports No Action Needed 5

Definitions Continuous Auditing Internal Audit s process to regularly monitor, assess, and mitigate risk in several areas such as operations, finance, and fraud. Continuous Monitoring / Continuous Controls Monitoring Management s process to monitor that policies, procedures, and business processes are operating effectively on an on-going basis. Audit independently evaluates adequacy of management activates. Continuous Auditing is any method used by auditors to perform audit-related activities on a more continuous or continual basis. Institute of Internal Auditors ***The Difference is the user population, purpose and maturity*** Internal Audit Business Leads IA Data Analytics Continuous Auditing Continuous Monitoring Enterprise Risk Management Governance Risk & Compliance 6

Maturity model CM & CA CA Level 5 Business focused Link to process owners via reporting / dash boarding module Level 4 Technology enables full integration into internal audit workflow Regular collaboration with process owners Level 3 Core technical competencies resident within the department Results used for updating risk assessment throughout the audit process and for root cause discussions with process owners. Level 2 Creation of data experts to develop routine data analysis techniques No process for incorporating into IA methodology IA focused Level 1 Occasional, ad-hoc data analysis on certain audits 7

Implementation strategy and approach Assess Design Construct Implement Operate & Review Organization Program charter Project management Sprint management Training ROI evaluation User experience Release plan Business Implementation plan Business requirement document Test Plan / User validation Business process integration Data Source and solution definition Data architecture document Physical data Model Technical user guides Prepare next business area Technology Application option identification Application Architecture document System development 8

Managing the process Define a clear, strategic vision Analyze current / future state Develop roadmap Assess resource & technology Execute pilot Refine & execute plan Continuous Monitoring and points to consider Organization Is this embedded into every audit (and team) or separate? Do we build centralized capability? What level of project management is needed? Human resources What training is required? What new skills are required? What skill sets do we have today? Working practices How does this change our methodology? How does this impact our strategy? Technology What is already available to us and what do we need? Should we build or buy new solutions? Communication & reporting What impact does this have on our relationship with the business unit owners? What is our role in reporting/trending remediation efforts of the business owners? Knowledge management How will we plan to share the data within internal audit? How will we share information with the Controlling or Compliance functions? How will we share information with external auditors? Metrics How will we assess progress? 9

Other Key Members Business Stakeholder Internal Audit Stakeholder Core Team Internal Audit Sponsor Execute Sponsor(s) Organization structure Organization Chart Execute Team (Audit Committee, CFO, CAE, CIO) VP Internal Audit Program Lead Analyst SME s Internal Audit Business Area Lead Business Area Lead IT Lead 10

Application architecture Technology Considered Description / Use SharePoint or Workflow Mgmt Tool Analytical & Reporting Services or Reporting Tool TBD based on vendor selection and requirements (e.g. ACL CCM, Oversight, MS SQL Server, etc.) Dashboard Reporting Risk Indicators / Control Parameters Screens presented to users based on modules implemented and user roles. Behind the scenes formatting of reports and information to be presented through the dashboard. Analytical engine which is customized based on testing/auditing requirements. Audit Data Warehouse Leverage Internal Data Warehouse or MS SQL Server Procureto-pay All Industries Orderto-cash Financial Reporting T & E Industry Specific Retail Store Modules are implemented in the warehouse based on data requirements associated with KRI s. P-Card Capital & F.A. HR & Payroll Channel Compliance Others MS Integration Services or client existing ETL Tool* Extractor / Mapping / Load Automated process to pull data from source systems and map into data warehouse. *Integration or ETL tool used will depend on the software used for the Audit Data Warehouse SAP Oracle JDE PSFT Other Leverage existing client infrastructure and source system. 11

Software tool considerations Business needs should be the driving decision-making Leverage tools already existing in your organization Team with business leaders; tools enable both business and IA needs CA / CM Solutions Audit Exchange Monitor Approva Oversight Green light Technologies MS Product Suite Data Analysis Tools ACL IDEA SQL Server MS Access SAS Data Visualization Tools Tableau Qlikview Spotfire Enterprise Solutions Oracle GRC OBIEE SAP Process Controls SAP BI 12

Level of Effort (LOE) Benefits of CA / CM: 100 % data coverage A flexible and agile tool which can be leveraged for new business areas Proven ROI Current Year Year 1 Year 2 and onwards Before CA / CM: All Business areas (under IA scope) LOE: 1 Audit Under CA / CM: Pilot business area e.g., T&E) LOE: 2 Audits ------------------------------------- All other business areas not under CA / CM: Under CA / CM: T&E LOE:.25 Audits * Other business area LOE: 1.25 Audits * * ------------------------------------- All other business areas not under CA / CM: LOE: 1 Audit LOE: 1 Audit * leveraging the CA / CM solution * * add on new business areas to the existing CA / CM solution 13

Challenges to success 1. Limited budget and resources 2. Obtaining complete and accurate data 3. Working with IT to get automated frequent data feeds 4. Alignment and agreement with the business process owners on analytics, metrics, and business process 5. Availability of resources (onshore or offshore) with the right functional skills 6. Increased complexity working with cross functional IT teams 7. Ongoing maintenance and support needs 8. Aligning audit approach with Continuous Audit/Monitoring Strategy to transform the audit process 14

Key to success 1. Invest in the solution by allocating budget, developing an Annual Operating Plan (AOP), and demonstrating a ROI (How many audits will you replace?) 2. Set project expectation with program stakeholders (Fin Ops IA, IT and Business) early and often (What will their involvement and time investment be? What is the plan to have the business monitor?) 3. Include project stakeholders in all phases of the project 4. Invest appropriately in the requirements and design phases to understand data, and validate data 5. Establish clear program roles and responsibilities to ensure functional skill sets align with objectives 6. AOP should include total solution cost including ongoing maintenance (e.g. Software, Hardware, and Resource) 7. Design the new business process to manage the audit through the tool instead of using the tool to audit 15

2012. All rights reserved. "" and " US" refer to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information