ACL Solutions for Continuous Auditing and Monitoring

advertisement

ACL Solutions for Continuous

Auditing and Monitoring

John Verver

CA, CISA, CMC

Vice President, Professional Services & Product Strategy

ACL Services Ltd

ACL Services Ltd.

Continuous Auditing and Monitoring:

Where are we? Where are we going?

Copyright © 2008 ACL Services Ltd. 2

• ACL has 11,000+ user organizations globally

• 33-40% of organizations consider they perform some form of

Continuous Auditing

• Chief Audit Executive surveys indicate Continuous Auditing and

Monitoring usage will more than double by 2012

ACL Services Ltd.

Continuous Auditing – ACL’s Experience

• Wide variation in CA approach and techniques

• CA part of a continuum of analytic usage

• Flexibility is key

Copyright © 2008 ACL Services Ltd. 3

ACL Services Ltd.

Continuum of Audit Analytics

Copyright © 2008 ACL Services Ltd. 4

• One-off analysis and testing

ad hoc

• Automated analyses and tests

• Managed and deployed from a central environment

• Continual execution of automated audit and monitoring tests to identify errors, fraud and anomalies on a timely basis

repetitive

24

7

365

continuous

ACL Services Ltd.

Continuous Auditing: Issues to Address

• Data access and management

• Quality and control

• Sustainability and productivity

• People and process

Copyright © 2008 ACL Services Ltd. 5

ACL Services Ltd.

Enabling the Continuum of Audit Analytics

Copyright © 2008 ACL Services Ltd. 6

ad hoc

A MANAGED ANALYTICS PLATFORM for AUDIT

Secure controlled access to data

Configuration, automation and scheduling of tests

Management of tests, documentation, findings, logs, workflow

One common platform

repetitive

24

7

365

continuous

ACL Services Ltd.

Copyright © 2008 ACL Services Ltd. 7

Reporting &

Presentation

Query & Analysis

Analytic

Library

Management

& Automation

Data Access

Query & Analysis

In-depth analysis

Audit-specific commands & scripting

Advanced analytics and predictive modeling

Centralized logging

Management & Automation

Audit repository

User access & rights, data security

Centralized tests and processing

Continuous auditing management

Configuration & management

Data Access

Access, extract, transform, load

Specialized format connectors

Audit data repository

Reporting & Presentation

Templates, charting

Dashboard integration

Report deployment and maintenance

Analytic Library

• Packaged analytics, key business processes

ACL Services Ltd.

Copyright © 2008 ACL Services Ltd. 8

Audit Analytics Repository

Management & Automation

• User access & rights •

• Scheduling

Administration •

• Search

Security

Data

Data sets for each audit area

Data dictionaries

Data management & refresh

Analytics

• Test library

Test documentation

“Best Practices” documentation

Findings & Results

• Results management

Specific findings

Logs & other documentation

ACL Services Ltd.

Copyright © 2008 ACL Services Ltd. 9

Populating and Refreshing the Audit Data Repository

• INFORMATICA for ACL AuditExchange o o

Industry leading technology for ETL (Extract Transform Load)

Connectors for any enterprise data

PowerCenter:

PowerExchange

Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL

Server, dBase

B2B Complex Data Exchange:

PDF, XML, XBRL, Excel

Specialized data formats – HIPPAA etc

• ACL Data Access, including Direct Link for SAP

ACL Services Ltd.

Copyright © 2008 ACL Services Ltd. 10

ACL: Continuous Auditing and Continuous Monitoring

ACL AuditExchange o o o o

Enables Best Practices in Audit Analytics

Provides a secure, controlled, well-managed and sustainable environment for the continuum of Audit Analytics – Ad Hoc through Continuous Auditing

Provides benefits of Audit Analytics to the entire audit team, according to roles

A reliable environment for Continuous Auditing

ACL Continuous Controls Monitoring o o o o o o

Provides management and audit with insight into control effectiveness

Monitors all transactions throughout business process cycles

Tests against suites of control rules

Identifies and quantifies exceptions on a timely basis

Supports exception resolution and control remediation

Configuration and management of the monitoring process

ACL Services Ltd.

Copyright © 2008 ACL Services Ltd. 11

ACL Continuous Controls Monitoring Technology

Framework

ACL Services Ltd.

ACL CCM Product Suite

Copyright © 2008 ACL Services Ltd. 12

• Continuous testing of transactions in core business process areas against sets of internal control rules

Purchase to Pay Procurement Card

Travel & Entertainment Payroll

Order To Cash General Ledger

ACL Services Ltd.

ACL CCM Product Suite

• Browser-based interface: o o o o

Manage Continuous Monitoring process

Security and Administration

Manage test parameters

View, report and manage exceptions

Copyright © 2008 ACL Services Ltd. 13

ACL Services Ltd.

ACL CCM Product Suite – Large Enterprise Version

Copyright © 2008 ACL Services Ltd. 14

• Advanced capabilities for complex large scale enterprise monitoring

• For 10+ control entities: o o o

Enhanced multi-entity configuration

Enhanced multi-entity parameter management

Enhanced workflow and remediation

ACL Services Ltd.

ACL Enterprise Continuous Monitoring at

Copyright © 2008 ACL Services Ltd. 15

• ACL audit analytics used for many years in Siemens entity internal audit organizations

• Siemens Power Generation one of first organizations to implement ACL CCM Purchase to Pay 2004

• 2008 implementation of ACL Continuous Monitoring – Large

Enterprise Version for Purchase to Pay systems across entire

Siemens enterprise

• Believed to be largest purchase-payment transaction monitoring project in the world

ACL Services Ltd.

Enterprise Controls Monitoring at Siemens

Copyright © 2008 ACL Services Ltd. 16

Scale

• All corporate entities (currently 900+)

• All Purchase to Pay transactions

• Daily with 90 days running history

• 27 control tests

• 275 different data sources & applications

• Average 5GB of source data analyzed per entity

• Primary integration environment: analysis of 200GB data for

~400 entities

ACL Services Ltd.

Enterprise Controls Monitoring at Siemens

Copyright © 2008 ACL Services Ltd. 17

Exceptions: workflow process

• Process managed by entity business owners o o review all exceptions assign appropriate category

• Unresolved exceptions automatically escalated through multiple

CFO levels

ACL Services Ltd.

Questions?

Contact: john_verver@acl.com

Copyright © 2008 ACL Services Ltd. 18

Download