Utilizing Data to Drive
Competitive Advantages
Devin Amato
Mike Ostendorf
Jeff Roy
Deloitte & Touche LLP
March 13, 2008
ISACA
Kansas City
AGENDA




What is Data Quality & Integrity (DQI)?
Risks of Poor DQI Management and DQI Benefits
Implementing a DQI Approach
Applying Data Analysis
2
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
What is Data Quality and Integrity?
(DQI)
Data Quality & Integrity
In order for organizations to perform business processes, reliance is
placed on the organization’s data. Business success is based on good
decisions and almost all decisions are based, either directly or indirectly,
on data.
Make Sound
Business
Decisions
Minimize
Expenses
Meet Financial
Goals
Manage
Information
Manage
Business
Alliances
Manage
Resources
Manage People
4
Maximize
Revenue
Meet Regulatory
Requirements
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
What is Data Quality and Integrity?

Data Quality and Integrity (DQI) is data that is:
• Complete

Are vendor records complete?
• Valid

Are vendor records up to date?
• Consistent

Are vendor records consistent across various applications?
Using this definition, DQI is more than just having valid data –
it is also about the completeness and consistency of the data.
However, data has more than three dimensions…
5
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
What is Data Quality and Integrity?

Data Quality and Integrity (DQI) is data that is also:
• Availability

Is the data available
• Trusted

Does it have a reputation for being trusted and reliable
• Relevant

Does it answer the questions the organization
• Other Dimensions
6
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
DQI - The Value Proposition

DQI recognizes data as a precious business asset

It asks questions regarding the ownership and treatment of data and
the configuration surrounding repositories that house data.

Like other business assets, data can experience:
• Spoilage
• Theft
• Misuse
• Hording

DQI diagnoses problems and examines processes that work to
preserve the value of business data
7
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Risks of Poor DQI Management
Effect of Data Defects
Data defects can affect organizations in a wide variety of ways
• Implementations/Conversions



System changes often highlight data quality defects within the data being
converted
Delays in cutover to new systems
Increase in project costs
• Financial Reporting



Delays in closing process due to invalid data
Misrepresentation of financials
Revenue leakage
• Regulatory Compliance Efforts


Data defects may indicate that certain controls are ineffective
Misrepresentation of financials or performance metrics
• Customer Relations


9
Invalid or outdated customer data
Slow response to customers
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
The Hidden Costs of Data Defects
The costs of data defects are hard to quantify – but it is easy to
see how the impacts can be costly
Potential Effect of Data Defects
Potential Cost
Delayed system implementation due to data
quality defects
Resources spent fixing data quality
defects manually
Delayed closing of books at year-end due to
transactions with invalid account numbers
Staff accountants manually
reclassifying transactions to valid
accounts
Inaccurate metrics, misrepresentation of
performance
Regulatory penalties, other
punitive action
Increased opportunity for fraud
Loss of revenue, negative
publicity, damaged public image
Inaccurate billing, tax allocation
Revenue leakage
10
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Managing the wide range of data quality issues
with traditional approaches is less effective
Traditional approaches:
Consequences:
Attempt to manage data quality
without attempting to measure data
quality and the impacts of poor data
quality
Poor prioritization of work
effort and inappropriate
allocation of resources to
address data quality issues
Focus on “data cleansing”, without
focusing on processes to manage
and monitor data quality
Data is “clean” at one point
in time, but quality degrades
over time
Manage data standards and
definitions within functional or
application “silos”, even though the
data is shared across the
organization
Inconsistencies in data
definitions, standards, and
business rules often cause
operational inefficiencies and
poor business decisions
11
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Data Quality Benefits
Immediate benefits are derived from cleansing efforts during a ERP or ebusiness transformation. Significant additional benefits can be derived
from optimization efforts.
Data Cleansing Benefits
Data Optimization Benefits
Cleaner transformation from legacy to ERP
Improve cash flow
Increased value on software implementation
and systems integration
Increased understanding of relationships
with trading partners across organization
Requirement to succeed in transformation
to e-business
Analysis that support strategic decisions
Potential reduced risk exposure
Sustained competitive advantage through
cleaner information for front- and back-office
collaboration
Enabler for improved customer service
Improved utilization of resources by
focusing on areas of the business that will
deliver largest results
Reduction of risks within customer and
supplier base
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Implementing a DQI Approach
How to Begin

Build awareness and acceptance of DQI as a key management
item

Establish a formal group responsible for defining DQI
management approaches

Implement a structured approach for assessing both the extent
and the impact of data quality problems in the organization

Define a DQI strategy for moving the organization forward
Based on our experience, the most effective DQI
improvement initiatives are driven by experienced,
cross-functional teams applying structured approaches
and tools.
14
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Enhance Data Quality
Standardization
Scoping &
Planning
Current State
Assessment
Design
Gap Analysis
Identify
DQI
Leaders
Understand
Business and
Data Flows
Design
Corrective
Actions
Perform
Gap
Analysis
Implement &
Monitor
Corrective
Actions
Develop
DQI
Workplan
& Timeline
Perform Risk
Assessment
Design
Process &
Organization
Develop
Implement
ation plan
Implement
Process and
Organization
Ensure
integration
of DQ
Standards
Design
Sustainment
Cycle
Perform
Data
Analysis
Perform Root
Cause
Analysis
Change
Management
15
Build
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Implement
Sustainment
Cycle
DQI Management Initiatives

Revenue Assurance
• Examination and verification of events transpiring throughout the
revenue life cycle for the purpose of identifying and eliminating
leakage

Cost Savings and Recovery
• Provide assurance that a company is managing its expenditures’
processes in a controlled manner and capitalizing on any
opportunities for better cost management

Inventory Analysis and Estimation
• Applies quantitative methods to reduce costs associated with
inventory management business processes

Complex Accounting Analysis
• Assist in reviewing complex accounting and transactions.
Ensuring regulatory compliance.
• FAS123R
16
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
DQI Management Initiatives

Content Quality
• Implementing a data management strategy that addresses data
quality standards, data maintenance controls, and data
optimization

Systems Implementation Support
• Provides a risk-based methodology to evaluate and improve data
quality before, during, and after systems implementations and
conversions

Continuous Monitoring
• An optimal approach to monitor business processes and controls
real-time by leveraging existing data sources in conjunction with
analytical tools and customized business metrics
17
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Applying Data Analysis
Applying Data Analysis





A variety of topics in the field of auditing are gaining
new attention as data analysis applications are being
developed to support them. We will explore some of
these topics.
Continuous Monitoring
Cost Savings / Cost Recovery
Revenue Assurance
Fraud Detection
Supplementing the Financial Audit
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Objective
The primary objective of a Continuous Audit Monitoring approach /
methodology would be to assist management in accomplishing the
strategic goals and objectives of the company through risk mitigation.
This can be accomplished through:


Identifying key risk indicators related to
• achievement of business objectives,
• reliability and accuracy of financial information
• compliance with laws, regulations, and company policies
• IT systems and interfaces.
Designing automated processes, tools, and a management reporting
system to enable Internal Audit to continuously monitor these key risk
indicators.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Metrics
Special attention should be offered to the design of the Continuous Monitoring
system. In particular, the design of the metrics that are monitored affect the
quality and value of the system.
Performance
Marketing Response Rates
Order Fulfillment Times
Ratio of Return Customers
Vendor Lead Times
Loan Default Rates
Customer Service Responses
Product Returns Analyses
Financial
Days in Accounts Receivable
Accounts Payable Debit Balances
Duplicate Claims / Payments
Inventory Turns & Obsolesce
Shrink Percentages by Location
Cash Disbursement Anomalies
Gross Margin Target Variances
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Implementation Approach
Assess
Design
Deliver

Sustain
Assess
• Risk, Metrics, and Data
 Design
• Transform Data & Metrics
 Deliver
• Provide Business Intelligence
 Sustain
• On-going Monitoring & Executive Reporting
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Assess
Design
Deliver
Sustain
Gain Understanding
• Develop Risk Assessment Strategy
• Perform Operations Risk Assessment &
Prioritization
• Determine risk and performance measurement
objectives and prioritization
• Identify relevant business and best practice
metrics
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Assess
Design
Deliver
Sustain
Develop Analytical Structure & Collect Metrics
Data
• Collect and aggregate metric data
• Validate integrity and completeness of metric data
• Develop appropriate analytical methods for
benchmarking scoring & indexing
• Analyze and compare metrics and benchmarks
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Assess
Design
Deliver
Sustain
Business Intelligence Delivery
• Implement most relevant metrics benchmarks and
indices
• Determine and implement optimal architecture
• Determine and implement reporting interface
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Assess
Design
Deliver
Sustain
Ongoing Monitoring & Executive Reporting
• Monitor and measure performance and risk
indicators
• Identify potential, problems requiring corrective
action
• Reassess/refine business intelligence model as
necessary
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Benefits









Value-added management tool for “real time” analysis
Audit wider range of balances, transactions, attributes, etc.
through automated tools and exception-only reports (population
vs. samples)
Opportunity to reduce / replace traditional audit procedures
Assists in migration towards on-going risk assessment vs.
annual audit plan/budget development
Enhances efficiency of control and compliance procedures
Provides meaningful management summaries
Enables trend analysis and benchmarking
Generate quantifiable results
Provides cost saving ideas
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Opportunities for Cost Savings

Vendor Consolidation
 Payment Optimization
 Exploiting discounts
 Improvement in contract terms and/or pricing
 Freight Optimization
 Cleanse and optimize Vendor Master File
 Reduction in maverick spend
 Competitive Pricing
 Lower transaction processing costs
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Opportunities for Cost Recovery

Duplicate payment analysis
 Missed Discounts
• Individual invoice
• Vendor contract discounts
 Purchase orders outside of existing vendor contracts
 Freight Recovery
 Price variances
 Rebates and/or promotions
 Sales and Use Tax
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Vendor Master Data Tests

Duplicate Vendor Analysis
• Vendor Number
• Vendor Name
• Vendor Address
• Taxpayer ID Number
• D-U-N-S® Number

Cross-referencing of vendor and employee master data
• Same address or name
• Must first understand handling of expense reimbursements

Vendor Activity Analysis
• Dormant vendors
• Unusually active vendors (may require a baseline)
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Expenditures Tests



Strategic Analysis (A/P Invoices, Disbursements, and Goods Receipts)
• Reporting volumes, amounts, and averages by vendor
• Reporting negative and zero dollar transactions
• Identifying outliers (largest and smallest)
• Stratification of transactions to identify potential risk areas and/or thresholds
• Benford analysis
Data Integrity Analysis (A/P Invoices and Disbursements)
• Gaps in Check Numbers (by checking account)
• Payments to/Pos from Non-vendors/employees
• Payment prior to Invoice Date
• Large Payment Analysis
• Recurring Payment/AP Invoice Analysis
Duplicates Analysis (A/P Invoices and Disbursements)
• By amount and vendor
• Confine to a fixed day-window to avoid recurring payments
• Take duplicate vendor analysis results into account
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Disbursements Tests


Freight Analysis
• Duplicate billings for same shipment
• Shipments to the same location in a short timeframe
• Analysis of abnormal freight costs, based on other and/or
historical shipments
• Reconciliation of shipments to A/P and goods receipts
records
• Carrier discount optimization
Employee Expense Analysis
• Wage disbursements with no or unusual withholdings
• Travel and other expense reimbursement analysis
• Benefits
 Health care spend reduction
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Disbursements Tests

Reconciliation Analysis
• Purchase Orders to A/P Invoices
 Price variances
 Quantity variances
• A/P Invoices to Goods Receipts
 Quantity variances
• A/P Invoices to Disbursements
 Amount variances – consider the 1 to m factor
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Revenue Leakage

Direct Revenue Loss
• Driven by poor manual and systematic controls
• Is estimated to be as high as 6% of revenue for many
companies
• Primary considerations
 Customer Service
– Contracts
– Credits
 Product pricing
 Billing inaccuracies
– Are you billing for things you should not?
– Are you not billing for things that you should?
 Tax/tariff allocation
– Are you paying too much?
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraud Detection
Fraudulent activity can
occur at any time within
an organization. Its
effects can be
widespread and often
lead to significant
monetary losses. Each
department within an
organization is
susceptible to fraudulent
activity. However, some
departments are more
vulnerable than others.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
A Big Problem

The Association of Certified Fraud Examiners
estimates revenues lost in 2002 to occupational fraud
and abuse will total approximately 6% of corporate
revenues. If applied to the U.S. Gross Domestic
Product, this translates into:
• Losses of $600 billion
• $4,500 of lost revenue per employee

Over half of the 663 cases studied caused losses of
over $100,000. Approximately one of every six
resulted in losses which exceeded $1 million.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Interesting Facts


The median length of time from inception to detection for
occupational frauds was 18 months.
• Expense Reimbursement and Check Tampering schemes
lasted approximately 24 months.
• Billing Schemes last approximately 23 months.
A Manager or Executive was the perpetrator of fraudulent
activity over 40% of the time.
• The median cost of frauds perpetrated by managers or
executives was $250,000.
• The median cost of frauds perpetrated by employees was
$70,000.
• Employee & Manager collusion yielded a median cost of
$500,000.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Interesting Facts

Males are responsible for committing 53.5% of fraud
at a median cost of $200,000.
 The median cost of fraud perpetrated by females is
$60,000.
 Employees, Managers, Executives, etc. are most
likely to commit their fraud between the ages 41-50.
 The most costly fraud activities are performed by
people over 60 years old. The median cost is
$500,000.
 A typical fraud perpetrator is a first-time offender.
Only 7% of those studied were known to have prior
convictions for fraud-related offenses.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Interesting Facts




Employees with a high school education or less are
perpetrators of fraud over 55% of the time at a
median cost of $70,000.
Those with a bachelor degree are next, accounting
for over 30% (and a median cost of $243,000).
Two out of every three fraud schemes are performed
by individuals acting alone at an average cost of
$67,000.
Fraudulent activities performed by two or more
people cost approximately $450,000.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Types of Fraud


“Asset Misappropriation” describes any act involving
the misuse of a company asset for personal gain.
Fraudulent disbursement schemes and receipts
manipulation are both exposures that must be
addressed.
Examples include:
• Billing schemes
• Fraudulent expense reimbursements
• Payroll fraud
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Billing Schemes


Billing schemes occur when an employee submits a false
invoice or alters an existing one, thus causing the company to
willingly (but unknowingly) issue a check for false expenses.
Billing schemes are popular because:
• They do not involve the direct theft of cash or checks from
the company.
• The check received is valid because it passed through the
disbursement cycle.
• They are the most costly of all asset misappropriations,
which means significant rewards for fraudster.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Billing Schemes

Billing schemes are accomplished in three ways:
• Invoicing via Shell Companies
 An employee will create a fictitious company for the sole purpose of
committing fraud.
 Invoices are sent to the victim company, requesting payment to the
shell company.
 The fraud perpetrator receives the check.
• Invoicing via Non-accomplice Vendors
 Such vendors are used for “Pay and Return” schemes.
 An employee will intentionally pay a legitimate invoice twice.
 He/she will then contact the vendor and request one of the checks be
returned. It is then intercepted and converted.
• Personal Purchases with Company Funds
 After making a personal purchase, an employee will submit an
unauthorized invoice to the Accounts Payable Department. By making
it appear the item was purchased for the company, the fraudster is
attempting to have his/her personal expense paid.
 The invoice submitted by the employee is not legitimate and therefore
must appear professional to avoid scrutiny.
 Supporting documentation, such as purchase requisitions, are also
forged to suggest the invoice is valid.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Billing Schemes


How can billing schemes be prevented?
• Prior to authorizing payment, invoices should be checked for
validity of the vendor, validity of the goods or services
invoiced, accuracy, and authenticity.
• Prior to processing payment, invoices should be checked for
proper authorization, accuracy and authenticity. This will
prevent overpayment, as well as payments being made to
fictitious vendors.
• Strictly control access to vendor master data.
How can check tampering potentially be detected through data
analysis?
• Vendor-level expenditures analysis
• Benford analysis
• Duplicates analysis
• Vendor master data analysis
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent Expense Reimbursements
Expense reimbursement schemes occur when an
employee submits false expenses in the hope of
being reimbursed by the company. They are similar
to payroll schemes in that the documentation
provided causes the organization to unknowingly
disburse funds to the fraudster.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent Expense Reimbursements

Expense reimbursement schemes can be
accomplished using the following tactics:
•
Mischaracterized Expenses

An employee will request payment of a personal expense by
claiming it was “business related”.
• Overstated Expenses

•
Fictitious Expenses

•
An employee will overstate the cost of actual business
expenses through altered receipts.
Employees will manufacture receipts, often by acquiring blank
receipts from a vendor.
Multiple Reimbursements

An employee will seek reimbursement for the same expense
several times by submitting various types of support for the
same expense, usually during different pay periods.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent Expense Reimbursements

How can fraudulent expense reimbursements be prevented?
• Expenses should be reimbursed only if an original receipt
has been submitted as support.
• Receipts should be scrutinized to detect alterations or
forgeries.
• Other means of proving incurred expenses, such as airline
itineraries, credit card statements, etc. should not be
accepted unless approved by a supervisor.
• All expense reimbursements should be reviewed and
immediately processed upon approval. This would prevent
“approved” expenses from being altered prior to payment.
• Use a specific credit card for all business expenses.
Receive this information electronically from credit card
company and require electronic filing of expense reports by
employees. This will minimize the possibility of fraud, and if
fraud is occurring, will provide an easier means to identify it.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent Expense Reimbursements

How can fraudulent expense reimbursements
potentially be detected through data analysis?
• Use a specific credit card for all business
expenses. Receive this information electronically
from credit card company and require electronic
filing of expense reports by employees. Reconcile
the two data sets.
• Duplicates analysis.
• Benford analysis.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Payroll Fraud


Payroll schemes occur when an employee submits
false documentation (i.e. timecards) in an effort to
inflate his/her wages/salary. Such documentation
prompts the organization to unknowingly disburse
funds to the perpetrator.
Possible ways in which Payroll Fraud can occur:
• Falsified Hours and Salary
• Ghost Employees
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Payroll Fraud

How can payroll fraud be prevented?
• All timecards should be reviewed for validity and accuracy.
• Once submitted for approval, employees should never see
their timecard again. This will prevent them from altering
their hours after the card has been “approved” for payment.
• Overtime hours must be authorized by a supervisor.
• If employees use a time clock to “punch in” and “punch out”,
they must do so when they arrive for work, take breaks, go
to lunch, leave for the day, etc. This will provide the most
accurate portrayal of time worked, as opposed to someone
forgetting to use the clock and then inflating their hours
because they were forced to estimate.
• Monitor employees to assure one employee is not punching
out for another.
• Strictly control access to payroll master data.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Payroll Fraud

How can payroll fraud be detected through data
analysis?
• Review personnel files for duplicate addresses,
P.O. boxes, or social security numbers. Duplicate
information may suggest “ghost” employees are
on the payroll.
• Perform an employee-level hours analysis,
comparing employees’ hours with peers in their
departments.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Financial Statement Assertions
Assertion
Description
Validity/
Existence
The asset / liability exists and can be traced to
source documentation
Completeness
Transactions / assets / liabilities that SHOULD be in
the financial statements ARE
Recording / Cutoff
Each asset / liability is recorded at an appropriate
carrying value
Valuation
The entity has rights to an asset at a given date
a liability is an obligation at a given date
Presentation &
Disclosure
Financial statement components are properly
classified and described
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Sales and
Receivables
√
√
Calculate historical collection percentage and write-offs to confirm
management estimates
√
Compare open A/R by customer to the credit limit in the Customer
Master
√
Compare pricing in the invoice file to approved price list
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
√
Value-Add
Recalculate aging for 100% of A/R
Controls
√
Fraud
Cutoff
√
Presentation
Recording
√
Valuation
Validity
Summarize sales activity over the testing period and reconcile to
the GL, identify unusual transactions around cut-off date
Completeness
DQI Procedures
√
√
√
√
√
√
√
√
√
√
√
Account Balance: Sales and
Receivables (cont’d)
Identify returns more than xx days from date of sale
√
√
Identify sales to customers at a discount rate greater than xx% of the
average product price for the period under review
Identify gaps in invoice sequence, duplicates
Extract all credit balances in A/R to ensure correctly classified
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
√
√
√
√
√
√
Value-Add
√
Controls
Identify sales to customers not in the Customer Master file, inactive,
without a credit limit, infrequent buyers
√
Fraud
Compare invoice dates to shipment dates
Presentation
√
Valuation
Validity
√
Cutoff
Completeness
Identify invoices without an associated shipment and shipments
without an invoice
Recording
DQI Procedures
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
Balance: Payables
√
Value-Add
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Controls
Identify invoices posted with duplicate purchase order numbers
Fraud
√
Match the A/P open billed & unbilled to subsequent disbursements file
by period to identify open, unpaid invoices
Compare invoice and purchase order amounts and dates
Presentation
Recreate A/P aging and generate customized reports (by different
time buckets, customer, etc.)
Valuation
Cutoff
Recording
Validity
Completeness
DQI Procedures
√
√
√
√
√
√
√
√
√
Balance: Payables (cont’d)
Value-Add
√
Controls
Fraud
Presentation
√
Identify payments approved by same individual who approved the
purchase order
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
√
√
√
Identify payments to unapproved vendors and duplicate payments
Perform gap testing on check numbers in the disbursements file to
identify missing checks or checks out of sequence
Valuation
√
Identify vendor profiles with missing information, obsolete vendors
and duplicate/similar vendors
Identify payments recorded for goods not received and identify goods
received and not recorded
Cutoff
Create a sample of debit disbursements for validity testing and
summarize by period to identify unusual year-end fluctuations
Recording
Validity
Completeness
DQI Procedures
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
Account Balance: Fixed Assets
√
√
Identify over-depreciated assets (net book value less than zero)
Identify assets without an associated useful life and without a
registered location
Identify assets being depreciated over inappropriate useful lives
based on asset class
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Value-Add
Valuation
√
Controls
Cutoff
√
Fraud
Recording
√
Presentation
Validity
Recalculate depreciation expense and accumulated depreciation for
100% of the assets in the Fixed Assets Master file and reconcile
Completeness
DQI Procedures
√
√
√
√
√
√
Account Balance: Fixed Assets
(cont’d)
√
√
Compare current year fixed asset data to prior year data, noting
changes in key data elements such as acquisition cost, in-service
date, residual value, and useful life.
√
√
Perform CMA sample on Fixed Assets for physical inspection
Identify duplicate assets by tag, serial/part number or description
Summarize assets by category and depreciation rate
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Value-Add
Perform a keyword search on the asset description to identify assets
that potentially should be expensed rather than capitalized
Controls
Fraud
Presentation
Valuation
Cutoff
Recording
Validity
Completeness
DQI Procedures
√
√
√
√
Account Balance: Payroll
√
√
Value-Add
Identify employees receiving payments after termination date
Controls
√
√
√
√
√
√
Fraud
Recording
√
Presentation
Validity
√
Valuation
Completeness
Identify duplicate, missing and terminated employees in the payroll
master file and match to any payments
Cutoff
DQI Procedures
Identify salaried employees receiving pay amounts above a
predetermined threshold
√
√
√
Identify hourly employees with submitted hours above a
predetermined weekly threshold
√
√
√
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
√
Account Balance: Payroll (cont’d)
√
√
√
√
√
√
√
√
√
√
√
Value-Add
Controls
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraud
Identify paychecks not conforming to Benford’s law on gross pay or
net pay, bonuses or commissions
Presentation
Identify paychecks that have excessive, even or round numbers
Valuation
√
Reconcile and perform a CMA on payroll suspense accounts to ensure
appropriately classified
Identify employees who have not taken time off from work or have
taken minimal time off per HR Master file
Cutoff
Identify rates of pay for hourly employees above a predetermined
rate
Recording
Validity
Completeness
DQI Procedures
Account Balance: Inventory
√
√
√
√
√
√
√
√
Value-Add
√
Controls
√
Fraud
√
Presentation
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Valuation
Summarize purchases by month and assess whether unusual
fluctuations exist at year-end
Cutoff
Recalculate extended cost for 100% of inventory
Recording
Identify duplicate inventory items
Validity
Reconcile inventory and perform a CMA sample for test counts
Completeness
DQI Procedures
Account Balance: Inventory (cont’d)
Identify excess and obsolete inventory items
Identify inventory items with a cost greater than the retail/selling
price
Value-Add
√
Controls
Fraud
Presentation
Valuation
Cutoff
Recording
Validity
Identify inventory items with negative or zero cost, price or quantity
Completeness
DQI Procedures
√
√
√
√
√
√
√
Identify inventory items with a low profit margin based on
predetermined threshold
√
√
Summarize inventory by product group/class and stratify by last
delivery and last cyclical count
√
√
Identify inventory items without a recorded location
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
√
√
√
√
Case Study 1
Overview
You work for a mid-size manufacturing company.
Due to recent economic conditions, you have been
charged with tightening spend and identifying
potential cost recoveries within the purchase-topay cycle. Identify, as a group, what areas you
would focus this review on, what procedures you
will perform, and what results you hope to obtain.
62
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Case Study 2
Overview
During a recent audit, it was determined that a
terminated employee had been receiving full pay
and benefits, along with his wife, 3 children, and
mother. The employee had been terminated 9
months when this finding was identified. As a
group and using data analysis, what could have
been done to identify this and what can be done
to identify all instances of these occurrences and
prevent these in the future?
63
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
64
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.