5. 20 REASONS FOR CONTINUOUS AUDITING
1. Historic audit results help predict the
likelihood of a transaction being an exception
2. Uses risk scoring techniques to be more
effective identifying audit exceptions
3. Scope is Enterprise-wide & end-to-end
4. Audits covers 100% of the transactions
5. Strategic scope by creating partnerships with
business & compliance teams
6. Uses unsupervised and deep learning
modeling to identify emerging risks
7. Value-added findings that can be quantified
8. Diagnostic analytics uncover insightful root-
causes
9. Elevates the Audit brand
10.Promotes Auditor expertise
11. It could be a self-funded initiative
12. Other audit groups such as SOX,
compliance teams, external audit can
leverage some of the testing
13. Culture of controllership
14. Platform for Fraud detection
15.Uses robotics to minimize manual work
QUALITY COST
16. Up to 5x faster than traditional audits
17. Early detection of audit issues
18. Continuous Assurance
19. Painless audits to the business
20. Phased out approach
SPEED
6. STATE OF CONTINUOUS AUDITING IN OUR PROFESSION
- “Adopting” phase
- “Medium” Impact on audit effectiveness
- “Medium” level of commitment
7. IIA GUIDANCE
- Ongoing risk and control assessments
- Technology- enabled reviews
- Ongoing evaluations based on a large
proportion of transactions
- Evidence, timing, procedures, effort are different
from traditional audits
- Requires leadership, change management, and
a phased approach
- Provides results to management (reports,
analytics, visualizations)
11. AETNA STRATEGY
- All audits approved by the Audit Committee
- Comprised of: Risk Control Assessments and Transaction
Testing
- Executed by a centralized Continuous Auditing Team
- Technology enabled audits
- Minimizes physical work – near full automation
- Audit activities ongoing throughout the year
- Issue an audit report
- Share analytic support, visualizations and technology with
management
12. POTENTIAL CONTINUOUS AUDITING AREAS
- Cash Areas: T&E, Procure-to-Pay, Payroll
- Risky/Strategic Areas: G/L, Revenue, Fixed Assets
- Compliance Areas: FCPA, Third-Party Vendors, Variable
Compensation
- Organic Growth: Convert a completed traditional audit that
uses analytics into a Continuous Audit Program
15. PLANNING –
KICK-OFF MEETING
Email executive prior to
meeting about the help
requested
Introduce team &
capabilities
Explain Continuous
Auditing approach
Discuss upcoming audit
Set expectations &
requirements
16. PLANNING –
DATA REQUEST
Start with the Audit
Universe
Sent by the Analytics
Leader to the Business
Liaison
Executive is copied
Subject states “Audit
Request”
Request specifies all key
details (system, period,
fields, field descriptions,
etc)
18. PLANNING –
ANALYTICS
FRAMEWORK
Multiple sessions with
Analytics team, IAD
Team, Business,
Compliance, CAE, etc.
Select “phase 1” analytics
based on testing area,
complexity and risk level.
Document and Socialize
Post in Analytics Library
19. ANALYTICS FRAMEWORK
FraudCompliance Spending PatternAbuse / Waste / Errors Controls
Travel
Expenses
Use of Suspicious MCC
False Mileage Claims
Submission
Travel Exp. Near or Beyond
Termination Date
Suspicious Airfare
False Meal Submission
Excessive Transactions
below receipt limit
Unapproved Govt. official
Expenses
Spending without Attendee
Details
Unauthorized use of gift
card providers
Use of non-approved Travel
Agencies
Gas without Rental Car/Gas
& Mileage
Excessive Spending as per
peer group
Round dollar amounts
All business expense in
cash
Excessive daily Meals over
daily threshold
Duplicate Expense Claims
Excessive meals in
hometown
Split Transactions
Excessive Spending with
same Attendee
Excessive frequency of
same employee recognition
Approved by Supervisor
Procure-to-
Pay
Payments made to
employee through accounts
payable system
Screening Process
Invoice date created after
the PO date
Vendor Master Data Quality
Adequacy of Approval
Amount
Incomplete Vendor Master
data
Lack of PO
Unfavorable Payment terms
Aged Open Purchase
orders
Duplicate Invoicing
Unapproved freight or other
charges
PO Approval process
Aged Open Invoices
Overpaid purchase orders
General
Ledger
Dormant Accounts
Suspense Accounts
Reserve Manipulation
Capitalization of expenses
and non-std revenue entries
Support of MJE
Timeliness account
reconciliation
Rounded Amount
Vague MJEs Descriptions
Non-Finance Employees
Booking Entries
Trending of Accounts
Non-Standard reversals
Vague MJEs
Aging of reconciling items
MJE Keyword Analysis
Top level entries
MJE Approval
Approval of account
reconciliation
34. KEY METHODOLOGY ACTIVITIES / DELIVERABLES
• Kick-off ALL new audits with
executives (first month of
audit cycle)
• “Universe” Audit Data
Request
• High level process overview
• Executive coaching session /
vision
• Analytics Framework
• Access to front-end system
• Analytics scoping
• Project plan
Planning
2-4 weeks
• Build risk monitoring
platform
• Audit risk monitoring session
• Business risk monitoring
experience
• Log risk scenarios in the
Case Management Tool
• Early Warning System
• Technical document
Risk Monitoring
1-2 weeks
• Transaction Selection
• Investigation
Transaction Testing
2-4 weeks
Reporting
1-4 weeks
35. KEY METHODOLOGY ACTIVITIES / DELIVERABLES
• Kick-off ALL new audits with
executives (first month of
audit cycle)
• “Universe” Audit Data
Request
• High level process overview
• Executive coaching session /
vision
• Analytics Framework
• Access to front-end system
• Analytics scoping
• Project plan
Planning
2-4 weeks
• Build risk monitoring
platform
• Audit risk monitoring session
• Business risk monitoring
experience
• Log risk scenarios in the
Case Management Tool
• Early Warning System
• Technical document
Risk Monitoring
1-2 weeks
• Transaction Selection
• Investigation
Transaction Testing
2-4 weeks
• Discussion Log
• Audit Report
• Support of analytics
Reporting
1-4 weeks
36. FINAL THOUGHTS
1. Plan your journey in 3-year increments
2. Be an Analytics & Technology advocate
3. Become a Marketing Master
4. Keep tabs on the wins
5. Disrupt the Status Quo with Innovation