Data Analytics - c.ymcdn.comc.ymcdn.com/sites/ · ACL and Arbutus Offices and ... Use fuzzy...
-
Upload
trinhkhanh -
Category
Documents
-
view
218 -
download
2
Transcript of Data Analytics - c.ymcdn.comc.ymcdn.com/sites/ · ACL and Arbutus Offices and ... Use fuzzy...
Data Analytics Leveraging Data Visualization and Automation in Audit
Real World Examples
June 3, 2015
Cliff Stephens, CISA
Agenda Introductions
Technological Advances in Analytics
Capitalizing on Analytics
How to Approach and Where to Start
Real-World Examples
We are Sunera
5
Continuity is the key to all of our engagements. More than 96% of our
employees say there are clear opportunities for them to advance at Sunera. Our
customers are happy because our employees are loyal and committed to their work.
Our sole focus is the customer. Our services protect your business from
inefficiency and external threats, resulting in cost savings and the confidence that
your business, customers, and reputation are secure.
Quality matters, and we built our reputation on it. That’s why we only hire
full-time employees with the best industry certifications.
Technology is at the core of everything we do. From cutting-edge data
analytics to sophisticated vulnerability assessments, our clients know we bring the
industry’s top professionals to their internal audit, IT, and compliance challenges.
More than 220 consulting
professionals
Served more than 1,000 clients
Completed more than 3,500
engagements
Founded by former Big-4 risk
partners and professionals
Highly credentialed
professionals, including ACDA,
CISSP, CIPP, CISM, CBCP, CMA
& PMP
Certified integration partner for
leading continuous controls
monitoring solutions, including
ACL and Arbutus
Offices and Credentials
6
Data Analytics Lifecycle
8
Reactive Predictive
Manual
Testing
Ad-Hoc
Analytics
Managed
Analytics
Continuous
Auditing
Continuous
Monitoring
Ownership
Shifts to
Business
Efficiency From Automation and Visualization
Typical State
9
Easier to set up initially
Typically run on an ad-hoc or Managed basis
More time consuming
Playing “catch up” with old exceptions
Q1 Q2 Q3 Q4
+ -
-
-
Data Analytics Tools
11
Reactive Predictive
Manual
Testing
Ad-Hoc
Analytics
Managed
Analytics
Continuous
Auditing
Continuous
Monitoring
Desktop Server
Common CCM Tools
12
12
Visualization / Distribution
Extract & Aggregate Data
Core Data Source
Example Internal
Audit Analytics
Architecture
There are a wide variety of tools that specialize in or offer the ability to develop
analytics, including:
Analytics Opportunities
14
Control Based: Clearly defined objectives that are more fact-based / black & white than the fraud & error based testing.
Examples: User Access, Employee Terminated in HR but Active in SAP, Authorization Limits
Predictive / Forecasting: Uses advanced algorithms to use inputs provided by the user to predict future events. Accounts for changes in
weather and other special events that may have skewed comparative period results.
Examples: Sales Trends
Fraud / Error Based: Use fuzzy matching and advanced logic to identify potential fraud or errors or identify potential cash recoveries.
Examples: Duplicate Payments , Duplicate Expense Claims, T&E
Reports / Summaries / Process Improvement: Summarizes the data for planning, reconciliation or sample selection.
Examples: Vendor Spend, Accounts Payable by Business Unit.
Integration into Audit Process
• Review Audit Programs
- Anywhere there is a data element, there is potential for integration
• Meet with Business Process Owners
- What are they interested in
• Focus on Low Hanging Fruit
- Time Cumbersome Audit Testing Steps
- Things that could not be done otherwise – Leavers / Terminations Testing for ALL
users.
- Recovery Opportunities – Duplicate Payments
15
Sample Integration Approach
1. Internal Discussion to Identify Data Analytic Integration Points • Review Annual Audit Plan
• Review Individual Audit Programs
• Review Sunera “Test Bank” for Standard Analytics
2. Identify & Obtain Data Sets
• Understand Data Sources
• Validate / Reconcile Obtained Data
3. Perform Exploratory Analytics (Pre-Audit)
• Basic analytic steps to determine feasibility & benefit
4. Analytic Development
• Prepare value-add analytics for live audit
16
17
• Employee T&E is risk rated based on
various factors such as:
Excessive spend in an expense category
Weekend expenses
• Top right quadrant marks associate with
high risk and high # of policy exceptions
• Tableau dashboard enables immediate
insight and drill-down capability
Expense reports for high risk
associate
Further drill down required
1
2
T&E Continuous Monitoring Data Analytics Example
T&E Continuous Monitoring Data Analytics Example
18
3
• Drill into the expense reports
to see details
• Detailed view highlights that
the employee submitted
duplicate reports
Audit Findings Tracker Data Analytics Example
19
• Interactive executive-level
reporting for audit findings
• Tableau story drives the user
to desired result
• Interactive filters and views
drill into owners
• Clicking on graphs will
take user to detailed
actions
1
Unsatisfactory With Exception
2
Audit Findings Tracker Data Analytics Example
20
• Easily isolate and export details of specific findings
3
HR Reporting Data Analytics Example
21
Details
• Automated SQL Server back
ends jobs to extract and
manipulate HR tables
• SSRS report pulls directly from
SQL Server
Key Benefits
• Extract scrubbed HR data by user ID or name
• Beneficial for user-access reviews and SOD projects
• Reduces the number of IA associates with access to
HR data
• Expedites process of providing HR reports from three
days to a couple of minutes
1
Fraud Scenario Monitoring Data Analytics Example
22
Potentially Fraudulent Returns
By Customer ID
By Location
By Employee
Text Mining Using R Data Analytics Example
23
Unstructured Data - Social Media Data
- Customer Comments / Employee Free Text
- Survey Responses
- Employee Chats
- Web Crawling