Continuous Transaction Monitoring
advertisement
Continuous Transaction Monitoring 1 oversightsystems.com Introductions Oversight Systems Patrick Taylor, CEO Mark Converse, Director, Sales/Business Development Stephen Barbarisi, Regional Sales Director 2 oversightsystems.com Internal Audit Trends 2009 2010 Cost of Compliance Focus Value Creation/ Continuous Improvement •Resource reductions (25%) •Outsourcing considered •Technology leverage considered… delayed • Internal Audit: Fact-based, data-driven • IA: Advise the “business” • IA: “Enable” the business Increased Board Activity Automate “Low Value” Tasks • Overall risk exposure • “More with less…” • Specific risk “initiatives” • Focus on high value, bottom line results • Leverage advanced technology 3 oversightsystems.com Why Continuous Transaction Monitoring? Compliance Benefits/ Risk Improvement • “In-process, real-time” controls • Extend existing system controls • Replace, automate post transaction audits • Deliver bottom-line results • Gain visibility/accuracy into business • Policies • Stakeholder behaviors • Process improvement • Financial accuracy • Real-time continuous improvements • Audit Automation • Expanded use of data analytics • Detect fraud early 4 Operational Benefits • Automate “lower value” tasks • Auditing/QA • Account reconciliations • Detect issues early • Errors • Bottom-line/cash flow improvement opportunities • Waste, abuse • Establish a “detection adjudication/resolution” capability oversightsystems.com Fraud Statistics Typical organization loses 5% of revenues to fraud • • Median loss $160K, 25% of loses >$1M Significantly higher for financial statement fraud, median >$4M Asset misappropriation the most common Recovery is low, only 20% recover significant amounts of losses Controls work: organizations with more robust fraud controls had lower losses 85% of perpetrators have never been charged before 13% of employees will steal if given the opportunity Source: ACFE 2010 Report to the Nation 5 oversightsystems.com Other Relevant Statistics 1.6% of vendor payments have errors • Similar for companies with a high degree of automation 3.6% of vendor invoices contain errors Companies average 1.1% error rates in T&E Invoice input error rates – average 15.6% 43% of companies never clean Vendor Master File • Leads to other issues: fraud, duplicate payments, missed discounts Duplicate payments are still a problem • Approx 20% of companies report duplicate payment rate > 0.1% 39% of companies had check fraud in past two years • • 70% in large companies (> 5000 employees) % is growing Source: IOMA 2007 Benchmark Study 6 oversightsystems.com What Value Does Oversight Deliver? 7 oversightsystems.com What Value Does Oversight Deliver? • Regulations SOX • Best practices COSO GRC Program • Internal policies/ procedures • Audit Automation • Improper paymentreal-time error prevention Errors Fraud/misuse • Un-recovered payments • Cost of capital • (Margin optimization) • 100% transaction review • Fraud Employee Vendor • Policy/procedures Procurement T&E Corporate cards • Resource optimization • Error correction • Audit fees • Internal audit efficiency 8 • Reporting reliability • Decision support • Automated testing/reporting oversightsystems.com • Transaction-level analytics • Process improvement CCM-T Application Components Example Transaction Process: Revenue Cycle Disparate Source Systems CUSTOMER MAINTENANCE CCM-T Application SAP SALES ORDER INVOICE HR Data RECEIVING CASH RECEIPT CASH APPLICATION Legacy RMA/RETURNS SAP Data Extraction • Monitors Controls Libraries of Data Analytics • Embeds Audit Best Practices in Process Analytics Engine • Risk Ranking UI and Workflow Reporting 9 Exception Identification Exception Resolution Documentation oversightsystems.com Insights/ Reporting Representative Monitoring Value Propositions Compliance/Risk 10 Financial Process Hard ROI Financial Reporting Accuracy Inappropriate Employee Behavior General Ledger Policy Compliance Error Reduction Operational Controls/Visibility Order to Cash Policy Compliance Error reduction Operational Controls/Visibility Inappropriate Employee Behavior Procure to Pay Policy Compliance PR Risks Operational Controls/Visibility Inappropriate Employee Behavior P-Card/T&E oversightsystems.com G&A Cost Efficiency Audit Cost Reduction Margin Improvement G&A Efficiency Prevent Cash Leakage G&A Efficiency Prevent Cash Leakage G&A Efficiency Introduction to Oversight Systems The Company Continuous Transaction Monitoring • Leader in continuous • Automated, in-process transaction monitoring •100% transaction review & prioritization • Software company • Extracted from multiple data sources • Headquartered in Atlanta, Georgia USA • Recognized by Forbes, “Big 4” and industry trade associations • Best practices focus and approach 11 • Pre-defined monitors • Operational policy • Policy adjudication workflow • Financial transaction process monitoring •General Ledger Order to Cash •HR / Payroll Procure to Pay •PCard/T&E Custom oversightsystems.com Continuous Monitoring: Emerging Best Practice Oversight Clients: Monitoring $500B+ Transactions 12 oversightsystems.com Continuous Monitoring Adoption Finance & Accounting Functions 13 oversightsystems.com Procure-to-Pay Monitoring • Invalid Vendor • Duplicate Vendor • Ghost Vendor • Vendor Change/Changeback • Vendor Maintenance SOD Vendor Master Requisitions • • • • • • 14 • Receipt/PO SOD Invalid PO PO to Inactive Vendor PO to Invalid Vendor PO to Ghost Vendor Duplicate PO PO/Vendor SOD Purchase and Receipts • Payment for 0 • Payment w/o Voucher • Payment Payee Differs from Vendor • Payment to Ghost Vendor • Payment to Employee • Payment Detail Mismatch • Payment/PO SOD Invoice • • • • • • • Payment Duplicate Payment Line Duplicate Payment Line Exceed Voucher Payment Line w/o Voucher Payment Line/Voucher Mismatch Payment Line for Duplicate Voucher Payment/Voucher SOD Voucher • • • • • • • • • • • Invalid Voucher Voucher for 0 Voucher to Invalid Vendor Voucher to Duplicate PO Voucher Duplicate Amount Voucher Duplicate Invoice Voucher/PO SOD Voucher Line with no PO Voucher Line/PO Mismatch Voucher Line/Receipt SOD Voucher Line/Receipt Mismatch oversightsystems.com Payment Recovery Cash Leakage: Procure to Pay Process Accepted Risk Built into Design Unintended Design Gaps •Less than ideal segregation of duty to facilitate doing business •Quantity & pricing tolerances •Manual over-ride of controls •Subjective RFP process •Lost volume discounts/rebates •Freight overpayments •Duplicate vendor payments •Approvals outside design tolerance •Over/under payment of S&U tax •Start-up and/or new configuration post go-live •Orders by-pass procurement •Incomplete/inaccurate master data Fraud Errors and Inefficiencies • Collusion • Single individual capitalizing on system weakness • Single individual manipulating data to mislead decision makers • Check theft / manual check 15 • • • • • Lost payment terms discounts Higher delivery costs Catalog pricing not current Manual processes Multiple touches/parked invoices • Research oversightsystems.com Card Program Monitoring • • • • Cardholder Status Change Cardholder Invalid Cardholder Change Cardholder Employee Invalid Cardholder Maintenance • • • • 16 • • • • • • • • • • • Transaction Duplicate Transaction Chain Individual Transaction Chain Department/BU Transaction Invalid Transaction Merchant Unauthorized Transaction Merchant Suspicious Transaction Amount Suspicious Transaction Timing Suspicious Transaction Limit Violation • Merchant Distribution Transaction Employee Invalid Mismatch Transaction Series • Distribution Timing Error Card Maintenance Cardholder Multiple Cards Card Limit Change Card Excessive Limit Card Invalid Purchase Substantiate Reconcile • Recon SOD • Transaction without Recon • Transaction without Substantiation oversightsystems.com Accounting • Payment without Approval • Payment to Ghost Merchant • Payment to Employee Approval • Transaction without Approval • Approval Override Payment T&E and Cards Programs: Monitoring Objectives Accepted Risk Built into Design Unintended Design Gaps •Less than ideal segregation of duty to facilitate doing business •Quantity & pricing tolerances •Manual over-ride of controls •Subjective RFP process •Lost volume discounts/rebates •Freight overpayments •Duplicate vendor payments •Approvals outside design tolerance •Over/under payment of S&U tax •Start-up and/or new configuration post go-live •Orders by-pass procurement •Incomplete/inaccurate master data Fraud Errors and Inefficiencies • Collusion • Single individual capitalizing on system weakness • Single individual manipulating data to mislead decision makers • Check theft / manual check 17 • • • • • Lost payment terms discounts Higher delivery costs Catalog pricing not current Manual processes Multiple touches/parked invoices • Research oversightsystems.com Profit Leakage: Order to Cash Process Accepted Risk Built into Design Unintended Design Gaps • • • • • • • • Price overrides • Approval tolerances Fraud Errors and Inefficiencies • Collusion • Single individual capitalizing on system weakness • Single individual manipulating data to mislead decision makers 18 Pricing errors Credit terms Unit of measure Free shipping not in contract Wrong tax codes Rebates Incomplete/inaccurate master data • Returns • Deductions • Authorized promotion deductions • Chargebacks • Penalties • Short shipments • Late payments • Write-offs • Slow dispute resolution oversightsystems.com General Ledger: Accuracy, Risk and Compliance Access Controls Process Controls • • • • Unintended configuration gaps Super-user access Material transaction approval Incomplete/Inaccurate Master Data • Period open – period close • Intercompany reconciliation • Month end close monitoring • Improve close efficiency accuracy Fraud • • • • 19 Errors and Inefficiencies Revenue manipulation Overcapitalization Understatement of liabilities Super-user access • • • • • • Duplicate entries Entries posted “backwards” Account code misclassification Keying errors Manual entry review Internal/external audit preparation • Multiple touches required for multiple “customers” oversightsystems.com Oversight Overview 20 oversightsystems.com Oversight Solution Overview 21 oversightsystems.com CTM: People, Process and Technology Corporate Finance Operations BU3 Internal Audit CFOBU4 Office Audit Committee Finance BU1 Finance Operations Procurement BU2 VP Finance VPOperations Operations Finance BU1 Procurement BU2 Operations Finance Procurement Operations 22 oversightsystems.com Oversight Product Capabilities Reporting Capabilities Oversight Dashboard Oversight Workbench Exception Handling Capabilities Discovery: Exception Detection Workflow Collaboration Communication Advanced Analytical Capabilities 23 oversightsystems.com Oversight: Macro Trends Generated Automatically 24 oversightsystems.com Oversight: “Exception” Reporting 25 oversightsystems.com Oversight: “Exception” Reporting 26 oversightsystems.com Oversight: “Exception” Detail 27 oversightsystems.com Oversight: Transaction Detail Provided 28 oversightsystems.com Why Industry Leaders Choose Oversight Key Attributes Key Value Superior Data Acquisition • • • • Multiple, diverse, systems Normalize data into common model No data volume limitation Low impact on client system/network • Large, diverse data volume • Minimize IT on-going support • Streamlines advanced analytics Advanced Analytics • • • • Reasoning beyond rules Statistical, Behavioral, Temporal, Symbolic Correction detection integrated with workflow Pre-defined + user defined analytics • Higher ROI faster • Discover “what I don’t know” Practical Workbench and Dashboard • • • • Workflow enabled resolution Consistent across all business processes Supporting documentation in one system Drill-down, email, attachments, link analysis • No technical skills required • Assurance through visibility Intuitive Configurability • • • • User-defined view: workbench & dashboard Ad-hoc reporting + “what if” analysis Flexible deployment configurations Web based administration and configuration • Encourages user adoption • Direct & pertinent to unique KPI Proven Experience and Results • • • • Client base Best Practices Group The most successful implementations Diversity in team expertise Proven customer satisfaction • Operationalizing continuous 29 oversightsystems.com improvement • Quick time-to-value • Quick, efficient, effective • Leverage F500 client experience Find It. Inspect every transaction. Fix It. Resolve every exception. Prove It. Substantiate every resolution. 30 oversightsystems.com
