• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
PowerPoint Version

PowerPoint Version






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • Another view using a Maturity Model
  • Why to a kinder, more gentle, familiar place where anyone can analyze their corporate data from one, easy to use desktop application, regardless of where it resides and the operating system it lives in, Virginia…

PowerPoint Version PowerPoint Version Presentation Transcript

  • Continuous Controls Monitoring                                                    
  • Sarbanes-Oxley
    • Section 302:
    • Evaluating disclosure controls and procedures
    • Design a process to identify operating and other changes that impact the effectiveness of established controls
    • Provides a credible body of evidence for certification requirements
    • Section 404:
    • Provide an annual assessment as to the effectiveness of internal controls in financial reporting and obtain an attestation from external auditors that the controls are effective
  • SOX 404 Maturity [META, Dec 2003] Stage Stage Description Where’s the market today? Market Timing   0 Exploration 10% Dec 03 – Jun 04 1 Building Awareness   25%   Dec 03 – Sep 04   2 Project Initiation   40%   Dec 03 – Dec 04   3 Project Execution   20%   Dec 03 – Jun 05   4 Perform Assessment/ Review Results   5%   Apr 04 – Apr 05   5 Optimization/ Continuing Compliance   0%   Jun 04 onwards
  • A Typical Section 404 Strategy
    • Accountability – identify team
    • Evaluate internal control environment of your organization
    • Document control framework (COSO)
    • Identify controls at the process, transaction, and application level
    • Test the controls and evaluate their effectiveness
    • Set up monitoring processes
  • Business Issues
    • Maintain Cost Controls
      • Reduced Costs
      • Rationalized products
      • Streamlined Supply Chain
    • Expand Business
      • Look at new markets and new geographies to drive growth
    • Regulatory compliance
      • Sarbanes Oxley 2004
    Continue the financial control and aggressive growth plans initiated in 2003
  • Some Benchmark Statistics
    • 1.6% avg. error rate for Vendor Payments
    • 3.6% avg. error rate for Incoming Invoices
    • 0.5% Duplicate Payments (7% of companies over 5000 employees)
    • 4.8% avg. error rate for T&E Vouchers
    • 1% avg. error rate for T&E Payments
      • Source: IOMA Benchmark Survey 2003
      • Institute of Management & Administration
  • Data Quality Importance
    • Why is a 99% accuracy rate (3.8 Sigma¹) not good enough? In the US alone, this would equate to:
      • 20,000 lost articles of mail/hour
      • 5,000 incorrect surgical operations/week
      • 200,000 incorrect drug prescriptions/year
      • No electricity for almost seven hours/month
    What does a 1% error rate mean to your organization?
  • End game is
    • Good Governance is Good Business!
  • Continuous Monitoring in Action Continuous Controls Monitoring in Action Take best practices for analysis of data performed during traditional audit processes, incorporate additional sophisticated analytics, and embed them in day-to-day operational monitoring processes. Controls & Compliance Rules Test transactional data against established internal control parameters Additional Sophisticated Analytics Test transactional data against expected historical and statistical norms Significant Control Breaches Suspect Transactions Transactional Data Data Data Data Alerts Findings Financial Management & Business Unit Managers Management Action Immediate notification of critical exposures Suspect transactions detailed and summarized for further analysis. Investigations, recoveries, and improved controls and procedures
  • ACL Solutions Ad Hoc Repeated Continuous Customer-defined Applications ACL Enterprise Solutions
    • Trend Analysis
    • Statistical Sampling
    • Core Business Processes
    • Controls Compliance
    Product line extension PHASE 1: 1. Instantaneous Controls Monitoring 2. Change Management Corporate Risk Officer Process Owner Control Operator Internal Audit PHASE 2: 1. Risk Quantification 2. Controls Development 3. Controls Testing
  • Levels of Risk/Effort RISK Disclosures Controls Internal Controls over Financial Reporting Internal Controls over Financial Reporting Disclosures Controls EFFORT
  • CCM Product Result are displayed for viewing and further analysis Modify analysis parameter, scheduling, and security authorization Transactional data is interrogated through sophisticated analysis tests Access multiple data sources, regardless of format BROWSER-BASED USER INTERFACE ACL ANALYTIC PROCESSES ERP CRM SCM Legacy Test Results Repository Test Parameters & Thresholds System Access & Authorization DATA SOURCES Financial Management System Administration Analysts Direct Link for SAP R/3
  • CCM Solution Framework Business Process Areas Industry-Specific Compliance P-Card Expenses Data Quality Cardholder & Transaction Authorization Transaction Validation Merchant Analysis Trend Analysis Travel & Entertainment Data Quality Transaction Authorization Transaction Validation Purchase-to- Payment Data Quality Requisition Receiving Accounts Payable Cash Disbursement Payment Anti-Money Laundering & Compliance Currency Transaction Reporting (CTR) Analysis Suspicious Activity Reporting (SAR) Analysis Terrorist Reporting Analysis Know Your Customer Analysis
  • Solution Areas Duplicates ? Mismatches ? Unusual Activity ? Incomplete Data ?
    • Fraud Analysis
    • Regulatory Compliance
    • Controls Compliance Analysis
    • Strategic Audit
    • Data Quality Management
    • Other …
    Payables Duplicate Payments Control limit Mgmt Received/ordered Split payments Travel & Expense Approval controls Threshold compliance “ Absent” expenses Manage vendors Pro Card Limit management Threshold compliance Volume activity Trend analysis SOX 404 Compliance Compliance
  • Controls Monitoring Benefits There are substantial benefits to implementing ACL’s Controls Monitoring Applications.
    • Assurance Benefits
    • Independence of processing
    • Continuous monitoring of 100% of transactions
    • Evidentiary matter for Sarbanes-Oxley compliance
    • Evaluation of the effectiveness of controls
    • Performance Benefits
    • Faster identification of transaction issues
    • Quicker discovery of data integrity issues
    • Fast implementation and easy integration into existing data sources
    • Economic Benefits
    • Reduced transaction costs
    • Reduced fraud and errors
    • Low-cost implementation
    Improved Business Performance
  • Accessing the data “ Ubiquitous data access from a single point of view” ACL Server Edition OS/390 DB2 IMS ADABAS ACL Server Edition AIX Oracle DB2 ACL Server Edition OS/400 DB2 ACL Server Edition Windows SQL Server Oracle DB2 ACL Server Edition LINUX Oracle DB2 ACL Desktop Edition Any non-relational or legacy data Direct Link for SAP R/3
  • IIA 2003 Software Survey
  • IIA 2003 Software Survey
  • Summary
    • Continuous Monitoring provides an opportunity for significantly improved levels of control and assurance
    • The accounting and control profession has discussed it for years – the time is now ideal for implementation
    • Technology is available to enable continuous monitoring
    • Businesses can’t afford to miss the issues
    • Good governance is Good Business!
    • Fred Wechselberger ACL Services Ltd. [email_address] 604-646-4274
    • www.acl.com [email_address]