ACL Solutions for Continuous Auditing and Monitoring John Verver CA, CISA, CMC Vice President,...
-
Upload
pierce-cooper -
Category
Documents
-
view
224 -
download
1
Transcript of ACL Solutions for Continuous Auditing and Monitoring John Verver CA, CISA, CMC Vice President,...
ACL Solutions for Continuous Auditing and Monitoring
John Verver CA, CISA, CMCVice President, Professional Services & Product StrategyACL Services Ltd
Copyright © 2008 ACL Services Ltd. 2
ACL Services Ltd.
Continuous Auditing and Monitoring:Where are we? Where are we going?
• ACL has 11,000+ user organizations globally
• 33-40% of organizations consider they perform some form of Continuous Auditing
• Chief Audit Executive surveys indicate Continuous Auditing and Monitoring usage will more than double by 2012
Copyright © 2008 ACL Services Ltd. 3
ACL Services Ltd.
Continuous Auditing – ACL’s Experience
• Wide variation in CA approach and techniques
• CA part of a continuum of analytic usage
• Flexibility is key
Copyright © 2008 ACL Services Ltd. 4
ACL Services Ltd.
ad hoc repetitive
24 7 365
continuous
Continuum of Audit Analytics
• One-off analysis and testing
• Automated analyses and tests
• Managed and deployed from a central environment
• Continual execution of automated audit and monitoring tests to identify errors, fraud and anomalies on a timely basis
Copyright © 2008 ACL Services Ltd. 5
ACL Services Ltd.
Continuous Auditing: Issues to Address
• Data access and management• Quality and control • Sustainability and productivity• People and process
Copyright © 2008 ACL Services Ltd. 6
ACL Services Ltd.
ad hoc repetitive
24 7 365
continuous
A MANAGED ANALYTICS PLATFORM for AUDITSecure controlled access to dataConfiguration, automation and scheduling of tests Management of tests, documentation, findings, logs, workflowOne common platform
Enabling the Continuum of Audit Analytics
Copyright © 2008 ACL Services Ltd. 7
ACL Services Ltd.
Data Access
Reporting &Presentation
AnalyticLibrary
Query & Analysis
Management& Automation
Management & Automation• Audit repository• User access & rights, data security• Centralized tests and processing• Continuous auditing management• Configuration & management
Query & Analysis• In-depth analysis• Audit-specific commands & scripting• Advanced analytics and predictive modeling• Centralized logging
Data Access• Access, extract, transform, load• Specialized format connectors• Audit data repository
Reporting & Presentation• Templates, charting• Dashboard integration• Report deployment and maintenance
Analytic Library• Packaged analytics, key business
processes
Copyright © 2008 ACL Services Ltd. 8
ACL Services Ltd.
Audit Analytics Repository
Data• Data sets for each audit
area• Data dictionaries• Data management & refresh
Findings & Results• Results management• Specific findings• Logs & other documentation
Analytics• Test library• Test documentation• “Best Practices”
documentation
Management & Automation
• Scheduling• Administration
• User access & rights
• Search• Security
Copyright © 2008 ACL Services Ltd. 9
ACL Services Ltd.
Populating and Refreshing the Audit Data Repository
• INFORMATICA for ACL AuditExchange o Industry leading technology for ETL (Extract Transform Load)o Connectors for any enterprise data
PowerCenter: Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL
Server, dBase B2B Complex Data Exchange:
PDF, XML, XBRL, Excel PowerExchange
Specialized data formats – HIPPAA etc
• ACL Data Access, including Direct Link for SAP
Copyright © 2008 ACL Services Ltd. 10
ACL Services Ltd.
ACL: Continuous Auditing and Continuous Monitoring
• ACL AuditExchange o Enables Best Practices in Audit Analyticso Provides a secure, controlled, well-managed and sustainable environment for the
continuum of Audit Analytics – Ad Hoc through Continuous Auditingo Provides benefits of Audit Analytics to the entire audit team, according to roleso A reliable environment for Continuous Auditing
• ACL Continuous Controls Monitoring o Provides management and audit with insight into control effectivenesso Monitors all transactions throughout business process cycleso Tests against suites of control ruleso Identifies and quantifies exceptions on a timely basis o Supports exception resolution and control remediationo Configuration and management of the monitoring process
Copyright © 2008 ACL Services Ltd. 11
ACL Services Ltd.
ACL Continuous Controls Monitoring Technology Framework
Copyright © 2008 ACL Services Ltd. 12
ACL Services Ltd.
ACL CCM Product Suite
• Continuous testing of transactions in core business process areas against sets of internal control rules
Purchase to Pay Procurement Card Travel & Entertainment Payroll Order To Cash General Ledger
Copyright © 2008 ACL Services Ltd. 13
ACL Services Ltd.
ACL CCM Product Suite
• Browser-based interface:o Manage Continuous Monitoring processo Security and Administrationo Manage test parameterso View, report and manage exceptions
Copyright © 2008 ACL Services Ltd. 14
ACL Services Ltd.
ACL CCM Product Suite – Large Enterprise Version
• Advanced capabilities for complex large scale enterprise monitoring • For 10+ control entities:
o Enhanced multi-entity configurationo Enhanced multi-entity parameter managemento Enhanced workflow and remediation
Copyright © 2008 ACL Services Ltd. 15
ACL Services Ltd.
• ACL audit analytics used for many years in Siemens entity internal audit organizations
• Siemens Power Generation one of first organizations to implement ACL CCM Purchase to Pay 2004
• 2008 implementation of ACL Continuous Monitoring – Large Enterprise Version for Purchase to Pay systems across entire Siemens enterprise
• Believed to be largest purchase-payment transaction monitoring project in the world
ACL Enterprise Continuous Monitoring at
Copyright © 2008 ACL Services Ltd. 16
ACL Services Ltd.
Enterprise Controls Monitoring at Siemens
Scale• All corporate entities (currently 900+)• All Purchase to Pay transactions• Daily with 90 days running history• 27 control tests• 275 different data sources & applications • Average 5GB of source data analyzed per entity• Primary integration environment: analysis of 200GB data for
~400 entities
Copyright © 2008 ACL Services Ltd. 17
ACL Services Ltd.
Enterprise Controls Monitoring at Siemens
Exceptions: workflow process• Process managed by entity business owners
o review all exceptionso assign appropriate category
• Unresolved exceptions automatically escalated through multiple CFO levels