• ACL has 11,000+ user organizations globally • 33-40% of organizations consider they perform some form of Continuous Auditing • Chief Audit Executive surveys indicate Continuous Auditin
Trang 1Auditing and Monitoring
John Verver CA, CISA, CMC
Vice President, Professional Services & Product Strategy
ACL Services Ltd
Trang 2Continuous Auditing and Monitoring:
Where are we? Where are we going?
• ACL has 11,000+ user organizations globally
• 33-40% of organizations consider they perform some form of Continuous Auditing
• Chief Audit Executive surveys indicate Continuous Auditing and Monitoring usage will more than double by 2012
Trang 3Continuous Auditing – ACL’s Experience
• Wide variation in CA approach and techniques
• CA part of a continuum of analytic usage
• Flexibility is key
Trang 4ad hoc repetitive
24
• 7 •
365
continuous
Continuum of Audit Analytics
• One-off analysis and
testing
• Automated analyses and tests
• Managed and deployed from a central
environment
• Continual execution of automated audit and monitoring tests to identify errors, fraud and anomalies on a timely basis
Trang 5Continuous Auditing: Issues to Address
• Data access and management
• Quality and control
• Sustainability and productivity
• People and process
Trang 6ad hoc repetitive
24
• 7 •
365
continuous
A MANAGED ANALYTICS PLATFORM for AUDIT
Secure controlled access to data Configuration, automation and scheduling of tests Management of tests, documentation, findings, logs, workflow One common platform
Enabling the Continuum of Audit Analytics
Trang 7Data Access
Reporting &
Presentation
Analytic Library
Query & Analysis
Management
& Automation
Management & Automation
• Audit repository
• User access & rights, data security
• Centralized tests and processing
• Continuous auditing management
• Configuration & management
Query & Analysis
• In-depth analysis
• Audit-specific commands & scripting
• Advanced analytics and predictive modeling
• Centralized logging
Data Access
• Access, extract, transform, load
• Specialized format connectors
• Audit data repository
Reporting & Presentation
• Templates, charting
• Dashboard integration
• Report deployment and maintenance
Analytic Library
• Packaged analytics, key business processes
Trang 8Audit Analytics Repository
Data
• Data sets for each audit
area
• Data dictionaries
• Data management & refresh
Findings & Results
• Results management
• Specific findings
• Logs & other documentation
Analytics
• Test library
• Test documentation
• “Best Practices”
documentation
Management & Automation
• Scheduling
• Administration
• User access &
rights
• Search
• Security
Trang 9Populating and Refreshing the Audit Data Repository
• INFORMATICA for ACL AuditExchange
o Industry leading technology for ETL (Extract Transform Load)
PowerCenter:
Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL Server, dBase
B2B Complex Data Exchange:
PDF, XML, XBRL, Excel
PowerExchange
Specialized data formats – HIPPAA etc
• ACL Data Access, including Direct Link for SAP
Trang 10ACL: Continuous Auditing and Continuous Monitoring
• ACL AuditExchange
o Enables Best Practices in Audit Analytics
o Provides a secure, controlled, well-managed and sustainable environment for the continuum of Audit Analytics – Ad Hoc through Continuous Auditing
o Provides benefits of Audit Analytics to the entire audit team, according to roles
o A reliable environment for Continuous Auditing
• ACL Continuous Controls Monitoring
o Provides management and audit with insight into control effectiveness
o Monitors all transactions throughout business process cycles
o Tests against suites of control rules
o Identifies and quantifies exceptions on a timely basis
o Supports exception resolution and control remediation
o Configuration and management of the monitoring process
Trang 11ACL Continuous Controls Monitoring Technology
Framework
Trang 12ACL CCM Product Suite
• Continuous testing of transactions in core business process areas against sets of internal control rules
Purchase to Pay Procurement Card Travel & Entertainment Payroll
Order To Cash General Ledger
Trang 13ACL CCM Product Suite
• Browser-based interface:
o Manage Continuous Monitoring process
o Security and Administration
o Manage test parameters
o View, report and manage exceptions
Trang 14ACL CCM Product Suite – Large Enterprise Version
• Advanced capabilities for complex large scale enterprise monitoring
• For 10+ control entities:
o Enhanced multi-entity configuration
o Enhanced multi-entity parameter management
o Enhanced workflow and remediation
Trang 15• ACL audit analytics used for many years in Siemens entity internal audit organizations
• Siemens Power Generation one of first organizations to implement ACL CCM Purchase to Pay 2004
• 2008 implementation of ACL Continuous Monitoring – Large Enterprise Version for Purchase to Pay systems across entire Siemens enterprise
• Believed to be largest purchase-payment transaction monitoring project in the world
ACL Enterprise Continuous Monitoring at
Trang 16Enterprise Controls Monitoring at Siemens
Scale
• All corporate entities (currently 900+)
• All Purchase to Pay transactions
• Daily with 90 days running history
• 27 control tests
• 275 different data sources & applications
• Average 5GB of source data analyzed per entity
• Primary integration environment: analysis of 200GB data for
~400 entities
Trang 17Enterprise Controls Monitoring at Siemens
Exceptions: workflow process
• Process managed by entity business owners
o review all exceptions
o assign appropriate category
• Unresolved exceptions automatically escalated through multiple CFO levels
Trang 18Contact: john_verver@acl.com