Audit Trends & Framework for Improved Financial Reporting
Transcript of Audit Trends & Framework for Improved Financial Reporting
Page 2
Agenda
► Audit Readiness vs. Audit
► The Complexity of the DoD Environment
► The Role of Analytics
► Factors Contributing to Transaction Volume Size
► Solutions: Short-Term
► Solutions: Long-Term
► Enabling Tools
Page 3
Audit Readiness vs. Audits
The Challenge
Audit Readiness
Focuses on controls
and business process
improvements
Audits
Focuses on data and tracing that
data from the financial statement to
the transaction to the supporting
business process
The tracing of data during audits is
challenging in the DoD environment
due to the complexity of the business
process and systems environment
Page 4
The Complexity of the DoD Environment
Designed to give employees maximum flexibility to accomplish their
mission...
…while good for the warfighter,
not conducive for accurate accounting
Page 5
This complexity creates far more transactional data in general ledgers and
financial reporting systems than what would be expected for budgets
Notional Example
In comparison to other organizations
with similar spending…
…things are more difficult for the Army
because the department processes
transactions (the same data) multiple times
The Complexity of the DoD Environment (cont.)
[Chart: Operational Activity, in billions of dollars, for Apple, Army and Exxon; axis from $- to $250]
[Chart: Total General Ledger Activity, in billions of dollars, for Apple, Army and Exxon; axis from $- to $4,500]
Page 6
The Role of Analytics on Audit Procedures
► Audits are dependent on analytical
procedures, such as:
— Searching for abnormal
balances and transactions
— Identifying outlier transactions
that present greater risk of
misstatement
► Organizations need to analyze
their own financial data and clean
up issues before audits begin
Identify
Review
Clean Up
Page 7
General Ledgers
► Multiple General Ledgers and
associated consolidation
issues related to data standard
► Undefined system logic for
posting to general ledger
accounts
► Lack of configuration control
over changes to system logic
Size of Transaction Volume: Contributing Factors
Page 8
► Billions in “suspense”
transactions
► Lack of documentation linking
accounting treatment to the
business event?
Multiple Feeder Systems Without
Reliable Interface Controls or
Reconciliations
Size of Transaction Volume: Contributing Factors (cont.)
Page 9
► Will not get an opinion on the
validity of the balances if the
organization cannot explain
huge volumes of transactions
in the ledgers
Volume of Irregular Transactions
Size of Transaction Volume: Contributing Factors (cont.)
Page 10
► Conduct substantive
reconciliations for UoT
completeness
Documentation
& Training
Reconciliations
Configure & Control
Solutions: Short-Term
Improve financial reporting information by:
Page 11
Enabling Tools for Solutions: Financial Data Repository and Visualization (conceptual view)
ERP Environments
GFEBS
Feeder Systems
Complete Financial
System Sources
Visualize
Interactive
Published
Query & Explore Advanced Analytics
Reconcile, Analyze and Act
Load and Organize
Trusted Audit Analysis Data Layer
Import, validate, consolidate, standardize & link
GCSS-A
STANFINS
SOMARDS
Advanced statistical and computational
techniques to identify anomalies & discrepancies
Standard and Ad Hoc Reports and Dashboards
Reconcile, search, group, filter, join,
aggregate, categorize and extract data from
multiple sources
Workflow
Assign roles, review, route and act
CEFMS
LMP
Source 1
Source …
Page 12
Enabling Tools for Solutions: Financial Data Repository and Visualization (sample dashboards)
Page 13
► Conduct substantive
reconciliations for UoT
completeness
► Document business events and
associated posting logic
► Document proper journal voucher
procedure and provide proper
training to employees
► Design and implement effective
configuration and access controls
► Document management and
retrieval
Documentation
& Training
Reconciliations
Configure & Control
Solutions: Short-Term
Improve financial reporting information by:
Page 14
► Reducing to fewer general ledgers
with associated standard data
consistency
► Standardize a comprehensive and
consistent business process and
procedure for proper execution of
day-to-day business events
► Monitor JV execution
► Maximize ERP capabilities and
eliminate legacy feeder systems
► Design and implement monitoring
process for mitigating inconsistency
Solutions: Long-Term
Improve financial reporting information by:
Page 15
Governance, Risk and Compliance Overview
GRC is not a tool, but a complete solution set…
Exception repository
GRC Tool
3. Connect data source
6. Refine rules and tailor business processes
1. Optimize risk, compliance and Control structure
4. Receive/validate control exceptions
5. Report and resolve
Business Rule Definitions
Rationalize expectations
Notifications
E-mail
Routing
BU
CFO
IT
BU
CFO IT
IA
Process optimization
Configuration management
User provisioning
• Open
• Close
• Pending
• Requires action
Issue:
Action:
Owner:
Remediation
plan
Further trending
and data analysis
Integrated
dashboard
IA
2. Connect data source
2. Tie monitoring components
to GRC module elements
SAP
Legacy
JDE
SOD
Configurable controls
Data
Page 16
SAP GRC overview
Components of SAP GRC
Access Control
Functionality
Planning, budgeting,
forecasting,
consolidations
Master data
management,
data integration
Reporting
Centralizes control reporting across
regulations including Analytic
Dashboards, Controls reporting, and
Test Management
Centralized Control Testing (CT)
and Automated Monitoring (AM)
Provide ability to manage all control
testing including: Entity-level,
Manual, and Automated testing
Centralized Issue and remediation
Policy Management and Surveys -
Central policy repository and version
management, control surveys,
Risk and Controls Library (R&C)
Maintain governance over control
library including: Risk, Controls,
Organizations, Test Plans
Process Control
Functionality
Emergency Access Management
(EAM)
Provide temporary emergency
access with detailed audit trail
Business Role Management
(BRM)
Enforce compliance during role
design and automate role generation
Access Risk Analysis
(ARA)
Maintain SOD and critical access
compliance across SAP systems
Access Request Management
(ARM)
Automate workflow to manage
approval and access provisioning
and enforce mandatory SOD checks
SAP GRC
Access Control (AC)
Segregation of duties, critical and emergency access management, compliant access provisioning
Process Control (PC)
Central controls repository, automated configurable controls testing, real-time exception based reporting
Risk Management (RM)
Holistic risk visibility, risk intelligence through dashboards, key risk indicators
Fraud Management
Audit Management
Global Trade Services
Environment, Health and Safety
Nota Fiscal
Sustainability