Data Analytics Leveraging Data Visualization and Automation in Audit

Real World Examples

June 3, 2015

Cliff Stephens, CISA

Agenda Introductions

Technological Advances in Analytics

Capitalizing on Analytics

How to Approach and Where to Start

Real-World Examples

3

4

We are Sunera

5

Continuity is the key to all of our engagements. More than 96% of our

employees say there are clear opportunities for them to advance at Sunera. Our

customers are happy because our employees are loyal and committed to their work.

Our sole focus is the customer. Our services protect your business from

inefficiency and external threats, resulting in cost savings and the confidence that

your business, customers, and reputation are secure.

Quality matters, and we built our reputation on it. That’s why we only hire

full-time employees with the best industry certifications.

Technology is at the core of everything we do. From cutting-edge data

analytics to sophisticated vulnerability assessments, our clients know we bring the

industry’s top professionals to their internal audit, IT, and compliance challenges.

More than 220 consulting

professionals

Served more than 1,000 clients

Completed more than 3,500

engagements

Founded by former Big-4 risk

partners and professionals

Highly credentialed

professionals, including ACDA,

CISSP, CIPP, CISM, CBCP, CMA

& PMP

Certified integration partner for

leading continuous controls

monitoring solutions, including

ACL and Arbutus

Offices and Credentials

6

7

Data Analytics Program Development Methodology

Data Analytics Lifecycle

8

Reactive Predictive

Manual

Testing

Ad-Hoc

Analytics

Managed

Analytics

Continuous

Auditing

Continuous

Monitoring

Ownership

Shifts to

Business

Efficiency From Automation and Visualization

Typical State

9

Easier to set up initially

Typically run on an ad-hoc or Managed basis

More time consuming

Playing “catch up” with old exceptions

Q1 Q2 Q3 Q4

+ -

-

-

Efficiency From Automation and Visualization

10

Ideal State

Year-round

Data Analytics Tools

11

Reactive Predictive

Manual

Testing

Ad-Hoc

Analytics

Managed

Analytics

Continuous

Auditing

Continuous

Monitoring

Desktop Server

Common CCM Tools

12

12

Visualization / Distribution

Extract & Aggregate Data

Core Data Source

Example Internal

Audit Analytics

Architecture

There are a wide variety of tools that specialize in or offer the ability to develop

analytics, including:

13

Analytics Architecture

Analytics Opportunities

14

Control Based: Clearly defined objectives that are more fact-based / black & white than the fraud & error based testing.

Examples: User Access, Employee Terminated in HR but Active in SAP, Authorization Limits

Predictive / Forecasting: Uses advanced algorithms to use inputs provided by the user to predict future events. Accounts for changes in

weather and other special events that may have skewed comparative period results.

Examples: Sales Trends

Fraud / Error Based: Use fuzzy matching and advanced logic to identify potential fraud or errors or identify potential cash recoveries.

Examples: Duplicate Payments , Duplicate Expense Claims, T&E

Reports / Summaries / Process Improvement: Summarizes the data for planning, reconciliation or sample selection.

Examples: Vendor Spend, Accounts Payable by Business Unit.

Integration into Audit Process

• Review Audit Programs

- Anywhere there is a data element, there is potential for integration

• Meet with Business Process Owners

- What are they interested in

• Focus on Low Hanging Fruit

- Time Cumbersome Audit Testing Steps

- Things that could not be done otherwise – Leavers / Terminations Testing for ALL

users.

- Recovery Opportunities – Duplicate Payments

15

Sample Integration Approach

1. Internal Discussion to Identify Data Analytic Integration Points • Review Annual Audit Plan

• Review Individual Audit Programs

• Review Sunera “Test Bank” for Standard Analytics

2. Identify & Obtain Data Sets

• Understand Data Sources

• Validate / Reconcile Obtained Data

3. Perform Exploratory Analytics (Pre-Audit)

• Basic analytic steps to determine feasibility & benefit

4. Analytic Development

• Prepare value-add analytics for live audit

16

17

• Employee T&E is risk rated based on

various factors such as:

­ Excessive spend in an expense category

­ Weekend expenses

• Top right quadrant marks associate with

high risk and high # of policy exceptions

• Tableau dashboard enables immediate

insight and drill-down capability

Expense reports for high risk

associate

Further drill down required

1

2

T&E Continuous Monitoring Data Analytics Example

T&E Continuous Monitoring Data Analytics Example

18

3

• Drill into the expense reports

to see details

• Detailed view highlights that

the employee submitted

duplicate reports

Audit Findings Tracker Data Analytics Example

19

• Interactive executive-level

reporting for audit findings

• Tableau story drives the user

to desired result

• Interactive filters and views

drill into owners

• Clicking on graphs will

take user to detailed

actions

1

Unsatisfactory With Exception

2

Audit Findings Tracker Data Analytics Example

20

• Easily isolate and export details of specific findings

3

HR Reporting Data Analytics Example

21

Details

• Automated SQL Server back

ends jobs to extract and

manipulate HR tables

• SSRS report pulls directly from

SQL Server

Key Benefits

• Extract scrubbed HR data by user ID or name

• Beneficial for user-access reviews and SOD projects

• Reduces the number of IA associates with access to

HR data

• Expedites process of providing HR reports from three

days to a couple of minutes

1

Fraud Scenario Monitoring Data Analytics Example

22

Potentially Fraudulent Returns

By Customer ID

By Location

By Employee

Text Mining Using R Data Analytics Example

23

Unstructured Data - Social Media Data

- Customer Comments / Employee Free Text

- Survey Responses

- Employee Chats

- Web Crawling