SlideShare a Scribd company logo

Continuous Auditng And Process Optimisation

Amit Gupta FCA | GCMA| CISA | DISA | CISSP | CEH
Amit Gupta FCA | GCMA| CISA | DISA | CISSP | CEH

Continuous Auditing supporting Internal Audit & Frauds and Process Optimisation

1 of 15
Continuous Auditing & Control Optimisation Amit Gupta Partner, 3U FCA, GCWA, ISA (ICAI), CISSP, CEH Email:gupta_amitu@gmail.com M-+91-9313099056 Continuous Auditing and Controls Optimisation 1
Traditional Audit Model Is Becoming Outdated • Does it meet the needs of those who pay for it, rely upon it or provide it? • Historical audits have not proven to be effective deterrents to financial fraud • Sampling misses anomalies • Need more timely audit results • The cost of an audit may become prohibitive • Public skepticism about corporate integrity has increased Continuous Auditing and Controls Optimisation 2
Staying In Compliance “What Most Companies Will Follow?” • Automate/optimize controls • Automate audit process through Continuous Auditing • Implement & maintain a process or structure to identify significant changes to your business & significant changes to your controls • Keep your process & control documentation current • Pass the test with your external auditors Continuous Auditing and Controls Optimisation 3
Expected Outcomes of Continuous Auditing & Optimization • Clearly articulated tone at the top and stronger control environment • Risk-based, top-down approach to determine “in scope” accounts • Identification of key controls that will prevent or detect material errors • Controls that are operationally efficient, cost effective, and integrated into daily operations • Streamlined and clearly documented processes • Streamlined testing, remediation, and monitoring approaches Stronger Internal Controls over Financial Reporting Decreasing levels of effort to sustain compliance Continuous Auditing and Controls Optimisation 4
The Future with Continuous Auditing & Optimization Top-Down Automate Risk-Based Review Current Continuous /Optimize Future Effort Reduce Auditing control Effort Significant Accounts & 10%   5% Related Processes Key Controls 15%   10% Process Controls 10%    10% Documentation 40%    20% Testing 35%    20% 100% 65% Efficiency* 35% *For illustrative purposes only. Actual efficiencies gained will vary based on individual organization circumstances. Continuous Auditing and Controls Optimisation 5
Benefits of Continuous Auditing • Process Owners react to problems/opportunities that are quantified • Identification of business process improvement opportunities • Improved likelihood of detecting material errors • Timely identification of issues allows rapid resolution • Better, more current information for decision making • Easier compliance with regulations • More comprehensive audit coverage • Better quality data and processes • Greater deterrence of fraud and other undesirable behaviors Continuous Auditing and Controls Optimisation 6
Key Continuous Auditing (CA) Milestones Now • Management Committee endorsement • Application of analytics to data • Designation of CA partner • Initial client value proposition statement 1M • Identification of pilot unit/area • Audit policy development 2M • Development of client data acquisition system • Development of advanced analytic engine 4M • Client trials of new technologies and audit methods • Audit operational plans 8M • Roll out Easy Challenging Really Hard Continuous Auditing and Controls Optimisation 7
Business Deliverables • Short Term Offerings – Available now – Data quality assessment – Audit planning system – Expanded use of analytic techniques in ongoing audits • Medium Term – Deliver higher quality audit with reduced effort – Reduce audit risk – Delivering more value to business – Change business model of audit Continuous Auditing and Controls Optimisation 8
CONTINUOUS AUDITING FOR SEGREGATION OF DUTIES Continuous Auditing and Controls Optimisation 9
Benefits of Improved Process • Automated reports with audit trails identifying exceptions to controls and mitigation uses • Reduced cost of monitoring controls • Reduction of over 3,000 violations within a 60 day period • Closed out 2 audit findings related to excessive access and monitoring • Provided a common data set for Finance, IT Security, Business Controls, and SAP team to drive improvement Continuous Auditing and Controls Optimisation 10
Reduced SOD Violations by Two Thirds in Less than two Months High Priority Segregation of Duties Violations Sept 27 to Nov 30 3,600 3,500 3,000 2,500 2,000 1,500 1,000 427 500 0 Sept 27 Oct 10 Oct 31 Nov 15 30-Nov Continuous Auditing and Controls Optimisation 11
Identifying opportunity for Automation • Implement automated workflow for role approval, on- boarding process and SOD waiver process: – Reduce high-cost co-sourcing support . – Reduce manual process such as Excel spreadsheet and .PST administration (for audit). Continuous Auditing and Controls Optimisation 12
CONTINUOUS AUDITING FOR FRAUD DETECTION Continuous Auditing and Controls Optimisation 13
Identify Fraud using Continuous Auditing – Fraud Analysis – A simple analysis of data such as payroll, employee, vendor, accounts payable, and accounts receivable can help determine if fraud is occurring. – Payroll Fraud • Duplicates (i.e. payees on same date, same or similar names, SSNs, direct deposit account numbers) • Paychecks being created for employees that have no time and attendance, invalid SSN, no expenses, no vacation, little or scare personnel records, etc • Wages inconsistent with job classification • Pay date precedes employment date • Terminated employees continuing to be paid – Purchasing Fraud • Duplicate disbursement amounts • Duplicate invoice numbers/dates • Duplicate disbursements on same date • Disbursement to vendor not in vendor database • Vendor name/address/phone # same as employee name/address/phone # • Invoice’s “pay to” address different from address in vendor or contract database Continuous Auditing and Controls Optimisation 14
Fraud – Use Benford’s Law to identify anomalous transactions in: • Accounts payable and expenses • Accounts receivable and sales • Refunds • Payroll • Estimations in the general ledger – Invented, contrived, or manipulated numbers do not follow Benford’s Law – Doesn’t apply to all data sets • i.e. sets of data with numbers that have imposed ceilings or floors such as IRA contributions or hourly wage rates – Human analysis of anomalies is needed Continuous Auditing and Controls Optimisation 15

Recommended

Continuous auditing
Continuous auditingContinuous auditing
Continuous auditingacc626tan
 
Continuous Auditing D.French
Continuous Auditing D.FrenchContinuous Auditing D.French
Continuous Auditing D.FrenchDan French
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditingMarc Vael
 
Going Beyond Business Systems
Going Beyond Business SystemsGoing Beyond Business Systems
Going Beyond Business SystemsKarl Fultz
 
Presentation 11, Test of controls of the system, Workshop on System-based aud...
Presentation 11, Test of controls of the system, Workshop on System-based aud...Presentation 11, Test of controls of the system, Workshop on System-based aud...
Presentation 11, Test of controls of the system, Workshop on System-based aud...Support for Improvement in Governance and Management SIGMA
 
Chapter 7
Chapter 7Chapter 7
Chapter 7EasyStudy3
 
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Gaiani (CarnCorpAudit)
 
2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material WeaknessMarkSpong1
 

Recommended

Continuous auditing
Continuous auditingContinuous auditing
Continuous auditingacc626tan
 
Continuous Auditing D.French
Continuous Auditing D.FrenchContinuous Auditing D.French
Continuous Auditing D.FrenchDan French
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditingMarc Vael
 
Going Beyond Business Systems
Going Beyond Business SystemsGoing Beyond Business Systems
Going Beyond Business SystemsKarl Fultz
 
Presentation 11, Test of controls of the system, Workshop on System-based aud...
Presentation 11, Test of controls of the system, Workshop on System-based aud...Presentation 11, Test of controls of the system, Workshop on System-based aud...
Presentation 11, Test of controls of the system, Workshop on System-based aud...Support for Improvement in Governance and Management SIGMA
 
Chapter 7
Chapter 7Chapter 7
Chapter 7EasyStudy3
 
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09Gaiani (CarnCorpAudit)
 
2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material Weakness2018 ValAct - Session 22 - Material Weakness
2018 ValAct - Session 22 - Material WeaknessMarkSpong1
 
Model Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsModel Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsMarkSpong1
 
Fraud detection guide
Fraud detection guideFraud detection guide
Fraud detection guideCenapSerdarolu
 
P2P Document
P2P DocumentP2P Document
P2P DocumentKishore Js
 
Internal audit test type guide
Internal audit test type guideInternal audit test type guide
Internal audit test type guideCenapSerdarolu
 
Internal Control
Internal ControlInternal Control
Internal ControlSalih Islam
 
Audit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachAudit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachNur Dalila Zamri
 
Analytical procedures presentation
Analytical procedures presentationAnalytical procedures presentation
Analytical procedures presentationDarryl Woolley
 
Bara ERM v2
Bara ERM v2Bara ERM v2
Bara ERM v2Eric Pascal
 
Presentation 5, System based audit approach - what is it about?, Workshop on ...
Presentation 5, System based audit approach - what is it about?, Workshop on ...Presentation 5, System based audit approach - what is it about?, Workshop on ...
Presentation 5, System based audit approach - what is it about?, Workshop on ...Support for Improvement in Governance and Management SIGMA
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireCenapSerdarolu
 
Root Cause Analysis - How It Informs CAPA
Root Cause Analysis - How It Informs CAPARoot Cause Analysis - How It Informs CAPA
Root Cause Analysis - How It Informs CAPASafetyChain Software
 
Presentation 6, Steps of system based auditing, Workshop on System-based audi...
Presentation 6, Steps of system based auditing, Workshop on System-based audi...Presentation 6, Steps of system based auditing, Workshop on System-based audi...
Presentation 6, Steps of system based auditing, Workshop on System-based audi...Support for Improvement in Governance and Management SIGMA
 
Audit Evidence Presentation
Audit Evidence PresentationAudit Evidence Presentation
Audit Evidence PresentationSheikh Ali Asghar
 
Audit procedures
Audit proceduresAudit procedures
Audit proceduresBilal Ahmed Bhatti
 
Analyitical review procedures and going concern
Analyitical review procedures and going concernAnalyitical review procedures and going concern
Analyitical review procedures and going concernEMAC Consulting Group
 
AP – A Catalyst for P2P Transformation
AP – A Catalyst for P2P TransformationAP – A Catalyst for P2P Transformation
AP – A Catalyst for P2P TransformationTradeshift
 
ISA 520 Analytical Procedures
ISA 520 Analytical ProceduresISA 520 Analytical Procedures
ISA 520 Analytical ProceduresSazzad Hossain, ITP, MBA, CSCA™
 
Integrating Data Analytics into a Risk-Based Audit Plan
Integrating Data Analytics into a Risk-Based Audit PlanIntegrating Data Analytics into a Risk-Based Audit Plan
Integrating Data Analytics into a Risk-Based Audit PlanCaseWare IDEA
 
Operation var (ama) con0529e
Operation var (ama) con0529eOperation var (ama) con0529e
Operation var (ama) con0529eChipo Nyachiwowa
 
Case Study of Service Transformation : Leading Indian Bank
Case Study of Service Transformation : Leading Indian BankCase Study of Service Transformation : Leading Indian Bank
Case Study of Service Transformation : Leading Indian Bankmastersunconsulting
 
Vikas Dutta Presentation at Rutgers CARLAB Nov 2012
Vikas Dutta Presentation at Rutgers CARLAB Nov 2012Vikas Dutta Presentation at Rutgers CARLAB Nov 2012
Vikas Dutta Presentation at Rutgers CARLAB Nov 2012Vikas Dutta, CISA, CIPP/IT, ISO 27001 LA
 
TEST CHECKING AND TECHNIQUES-PPT.pptx
TEST CHECKING AND TECHNIQUES-PPT.pptxTEST CHECKING AND TECHNIQUES-PPT.pptx
TEST CHECKING AND TECHNIQUES-PPT.pptxHeldaMaryA
 

More Related Content

What's hot

Model Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsModel Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsMarkSpong1
 
Internal audit test type guide
Internal audit test type guideInternal audit test type guide
Internal audit test type guideCenapSerdarolu
 
Internal Control
Internal ControlInternal Control
Internal ControlSalih Islam
 
Audit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachAudit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachNur Dalila Zamri
 
Analytical procedures presentation
Analytical procedures presentationAnalytical procedures presentation
Analytical procedures presentationDarryl Woolley
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireCenapSerdarolu
 
Root Cause Analysis - How It Informs CAPA
Root Cause Analysis - How It Informs CAPARoot Cause Analysis - How It Informs CAPA
Root Cause Analysis - How It Informs CAPASafetyChain Software
 
Analyitical review procedures and going concern
Analyitical review procedures and going concernAnalyitical review procedures and going concern
Analyitical review procedures and going concernEMAC Consulting Group
 
AP – A Catalyst for P2P Transformation
AP – A Catalyst for P2P TransformationAP – A Catalyst for P2P Transformation
AP – A Catalyst for P2P TransformationTradeshift
 
Integrating Data Analytics into a Risk-Based Audit Plan
Integrating Data Analytics into a Risk-Based Audit PlanIntegrating Data Analytics into a Risk-Based Audit Plan
Integrating Data Analytics into a Risk-Based Audit PlanCaseWare IDEA
 
Operation var (ama) con0529e
Operation var (ama) con0529eOperation var (ama) con0529e
Operation var (ama) con0529eChipo Nyachiwowa
 
Case Study of Service Transformation : Leading Indian Bank
Case Study of Service Transformation : Leading Indian BankCase Study of Service Transformation : Leading Indian Bank
Case Study of Service Transformation : Leading Indian Bankmastersunconsulting
 

What's hot (20)

Model Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common PitfallsModel Governance and Validation: Best Practices and Common Pitfalls
Model Governance and Validation: Best Practices and Common Pitfalls
 
Fraud detection guide
Fraud detection guideFraud detection guide
Fraud detection guide
 
P2P Document
P2P DocumentP2P Document
P2P Document
 
Internal audit test type guide
Internal audit test type guideInternal audit test type guide
Internal audit test type guide
 
Internal Control
Internal ControlInternal Control
Internal Control
 
Audit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachAudit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit Approach
 
Analytical procedures presentation
Analytical procedures presentationAnalytical procedures presentation
Analytical procedures presentation
 
Bara ERM v2
Bara ERM v2Bara ERM v2
Bara ERM v2
 
Presentation 5, System based audit approach - what is it about?, Workshop on ...
Presentation 5, System based audit approach - what is it about?, Workshop on ...Presentation 5, System based audit approach - what is it about?, Workshop on ...
Presentation 5, System based audit approach - what is it about?, Workshop on ...
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaire
 
Root Cause Analysis - How It Informs CAPA
Root Cause Analysis - How It Informs CAPARoot Cause Analysis - How It Informs CAPA
Root Cause Analysis - How It Informs CAPA
 
Presentation 6, Steps of system based auditing, Workshop on System-based audi...
Presentation 6, Steps of system based auditing, Workshop on System-based audi...Presentation 6, Steps of system based auditing, Workshop on System-based audi...
Presentation 6, Steps of system based auditing, Workshop on System-based audi...
 
Audit Evidence Presentation
Audit Evidence PresentationAudit Evidence Presentation
Audit Evidence Presentation
 
Audit procedures
Audit proceduresAudit procedures
Audit procedures
 
Analyitical review procedures and going concern
Analyitical review procedures and going concernAnalyitical review procedures and going concern
Analyitical review procedures and going concern
 
AP – A Catalyst for P2P Transformation
AP – A Catalyst for P2P TransformationAP – A Catalyst for P2P Transformation
AP – A Catalyst for P2P Transformation
 
ISA 520 Analytical Procedures
ISA 520 Analytical ProceduresISA 520 Analytical Procedures
ISA 520 Analytical Procedures
 
Integrating Data Analytics into a Risk-Based Audit Plan
Integrating Data Analytics into a Risk-Based Audit PlanIntegrating Data Analytics into a Risk-Based Audit Plan
Integrating Data Analytics into a Risk-Based Audit Plan
 
Operation var (ama) con0529e
Operation var (ama) con0529eOperation var (ama) con0529e
Operation var (ama) con0529e
 
Case Study of Service Transformation : Leading Indian Bank
Case Study of Service Transformation : Leading Indian BankCase Study of Service Transformation : Leading Indian Bank
Case Study of Service Transformation : Leading Indian Bank
 

Similar to Continuous Auditng And Process Optimisation

TEST CHECKING AND TECHNIQUES-PPT.pptx
TEST CHECKING AND TECHNIQUES-PPT.pptxTEST CHECKING AND TECHNIQUES-PPT.pptx
TEST CHECKING AND TECHNIQUES-PPT.pptxHeldaMaryA
 
The System and Process of Controlling
The System and Process of ControllingThe System and Process of Controlling
The System and Process of ControllingMahamid Rahman
 
Rutgers Research Center
Rutgers Research CenterRutgers Research Center
Rutgers Research Centercarlabrut
 
CaseWare Monitor 5 - Take Control of Your Business
CaseWare Monitor 5 - Take Control of Your BusinessCaseWare Monitor 5 - Take Control of Your Business
CaseWare Monitor 5 - Take Control of Your BusinessAlessa
 
How To Reduce Costs And Improve Financial Performance using NextGen Practice ...
How To Reduce Costs And Improve Financial Performance using NextGen Practice ...How To Reduce Costs And Improve Financial Performance using NextGen Practice ...
How To Reduce Costs And Improve Financial Performance using NextGen Practice ...James Muir
 
Effective Concurrent Audit-2020.pptx
Effective Concurrent Audit-2020.pptxEffective Concurrent Audit-2020.pptx
Effective Concurrent Audit-2020.pptxCAVEDPRAKASHPALIWAL
 
Internal Audit Strategic Framework
Internal Audit Strategic FrameworkInternal Audit Strategic Framework
Internal Audit Strategic FrameworkJeremy Cheng
 
Final-Audit-Sampling.pdf
Final-Audit-Sampling.pdfFinal-Audit-Sampling.pdf
Final-Audit-Sampling.pdfssuser5945a3
 
Revenue assurance 101
Revenue assurance 101Revenue assurance 101
Revenue assurance 101ntel
 
CISA_WK_2.pptx
CISA_WK_2.pptxCISA_WK_2.pptx
CISA_WK_2.pptxdotco
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Hisyam
 
Transparent Continuous Monitoring
Transparent Continuous MonitoringTransparent Continuous Monitoring
Transparent Continuous MonitoringTransparent
 
Supplier Performance Management Webinar
Supplier Performance Management Webinar Supplier Performance Management Webinar
Supplier Performance Management Webinar Qualsys Ltd
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Genpact Ltd
 
Understanding and Mitigating Risks to Your Company
Understanding and Mitigating Risks to Your CompanyUnderstanding and Mitigating Risks to Your Company
Understanding and Mitigating Risks to Your CompanySkoda Minotti
 
Failure Modes FMEA-&-Measurement_Systems_Analysis.ppt
Failure Modes FMEA-&-Measurement_Systems_Analysis.pptFailure Modes FMEA-&-Measurement_Systems_Analysis.ppt
Failure Modes FMEA-&-Measurement_Systems_Analysis.pptMadan Karki
 
Improve Regulatory Compliance & Risk Management Using Best Practices
Improve Regulatory Compliance & Risk Management Using Best PracticesImprove Regulatory Compliance & Risk Management Using Best Practices
Improve Regulatory Compliance & Risk Management Using Best PracticesLavante Inc.
 

Similar to Continuous Auditng And Process Optimisation (20)

Vikas Dutta Presentation at Rutgers CARLAB Nov 2012
Vikas Dutta Presentation at Rutgers CARLAB Nov 2012Vikas Dutta Presentation at Rutgers CARLAB Nov 2012
Vikas Dutta Presentation at Rutgers CARLAB Nov 2012
 
TEST CHECKING AND TECHNIQUES-PPT.pptx
TEST CHECKING AND TECHNIQUES-PPT.pptxTEST CHECKING AND TECHNIQUES-PPT.pptx
TEST CHECKING AND TECHNIQUES-PPT.pptx
 
The System and Process of Controlling
The System and Process of ControllingThe System and Process of Controlling
The System and Process of Controlling
 
Rutgers Research Center
Rutgers Research CenterRutgers Research Center
Rutgers Research Center
 
CaseWare Monitor 5 - Take Control of Your Business
CaseWare Monitor 5 - Take Control of Your BusinessCaseWare Monitor 5 - Take Control of Your Business
CaseWare Monitor 5 - Take Control of Your Business
 
How To Reduce Costs And Improve Financial Performance using NextGen Practice ...
How To Reduce Costs And Improve Financial Performance using NextGen Practice ...How To Reduce Costs And Improve Financial Performance using NextGen Practice ...
How To Reduce Costs And Improve Financial Performance using NextGen Practice ...
 
Effective Concurrent Audit-2020.pptx
Effective Concurrent Audit-2020.pptxEffective Concurrent Audit-2020.pptx
Effective Concurrent Audit-2020.pptx
 
Internal Audit Strategic Framework
Internal Audit Strategic FrameworkInternal Audit Strategic Framework
Internal Audit Strategic Framework
 
Final-Audit-Sampling.pdf
Final-Audit-Sampling.pdfFinal-Audit-Sampling.pdf
Final-Audit-Sampling.pdf
 
What is Quality Management System | QMS System
What is Quality Management System | QMS SystemWhat is Quality Management System | QMS System
What is Quality Management System | QMS System
 
Revenue assurance 101
Revenue assurance 101Revenue assurance 101
Revenue assurance 101
 
CISA_WK_2.pptx
CISA_WK_2.pptxCISA_WK_2.pptx
CISA_WK_2.pptx
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)
 
Transparent Continuous Monitoring
Transparent Continuous MonitoringTransparent Continuous Monitoring
Transparent Continuous Monitoring
 
Supplier Performance Management Webinar
Supplier Performance Management Webinar Supplier Performance Management Webinar
Supplier Performance Management Webinar
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
 
Understanding and Mitigating Risks to Your Company
Understanding and Mitigating Risks to Your CompanyUnderstanding and Mitigating Risks to Your Company
Understanding and Mitigating Risks to Your Company
 
Failure Modes FMEA-&-Measurement_Systems_Analysis.ppt
Failure Modes FMEA-&-Measurement_Systems_Analysis.pptFailure Modes FMEA-&-Measurement_Systems_Analysis.ppt
Failure Modes FMEA-&-Measurement_Systems_Analysis.ppt
 
Improve Regulatory Compliance & Risk Management Using Best Practices
Improve Regulatory Compliance & Risk Management Using Best PracticesImprove Regulatory Compliance & Risk Management Using Best Practices
Improve Regulatory Compliance & Risk Management Using Best Practices
 

Continuous Auditng And Process Optimisation

  • 1. Continuous Auditing & Control Optimisation Amit Gupta Partner, 3U FCA, GCWA, ISA (ICAI), CISSP, CEH Email:gupta_amitu@gmail.com M-+91-9313099056 Continuous Auditing and Controls Optimisation 1
  • 2. Traditional Audit Model Is Becoming Outdated • Does it meet the needs of those who pay for it, rely upon it or provide it? • Historical audits have not proven to be effective deterrents to financial fraud • Sampling misses anomalies • Need more timely audit results • The cost of an audit may become prohibitive • Public skepticism about corporate integrity has increased Continuous Auditing and Controls Optimisation 2
  • 3. Staying In Compliance “What Most Companies Will Follow?” • Automate/optimize controls • Automate audit process through Continuous Auditing • Implement & maintain a process or structure to identify significant changes to your business & significant changes to your controls • Keep your process & control documentation current • Pass the test with your external auditors Continuous Auditing and Controls Optimisation 3
  • 4. Expected Outcomes of Continuous Auditing & Optimization • Clearly articulated tone at the top and stronger control environment • Risk-based, top-down approach to determine “in scope” accounts • Identification of key controls that will prevent or detect material errors • Controls that are operationally efficient, cost effective, and integrated into daily operations • Streamlined and clearly documented processes • Streamlined testing, remediation, and monitoring approaches Stronger Internal Controls over Financial Reporting Decreasing levels of effort to sustain compliance Continuous Auditing and Controls Optimisation 4
  • 5. The Future with Continuous Auditing & Optimization Top-Down Automate Risk-Based Review Current Continuous /Optimize Future Effort Reduce Auditing control Effort Significant Accounts & 10%   5% Related Processes Key Controls 15%   10% Process Controls 10%    10% Documentation 40%    20% Testing 35%    20% 100% 65% Efficiency* 35% *For illustrative purposes only. Actual efficiencies gained will vary based on individual organization circumstances. Continuous Auditing and Controls Optimisation 5
  • 6. Benefits of Continuous Auditing • Process Owners react to problems/opportunities that are quantified • Identification of business process improvement opportunities • Improved likelihood of detecting material errors • Timely identification of issues allows rapid resolution • Better, more current information for decision making • Easier compliance with regulations • More comprehensive audit coverage • Better quality data and processes • Greater deterrence of fraud and other undesirable behaviors Continuous Auditing and Controls Optimisation 6
  • 7. Key Continuous Auditing (CA) Milestones Now • Management Committee endorsement • Application of analytics to data • Designation of CA partner • Initial client value proposition statement 1M • Identification of pilot unit/area • Audit policy development 2M • Development of client data acquisition system • Development of advanced analytic engine 4M • Client trials of new technologies and audit methods • Audit operational plans 8M • Roll out Easy Challenging Really Hard Continuous Auditing and Controls Optimisation 7
  • 8. Business Deliverables • Short Term Offerings – Available now – Data quality assessment – Audit planning system – Expanded use of analytic techniques in ongoing audits • Medium Term – Deliver higher quality audit with reduced effort – Reduce audit risk – Delivering more value to business – Change business model of audit Continuous Auditing and Controls Optimisation 8
  • 9. CONTINUOUS AUDITING FOR SEGREGATION OF DUTIES Continuous Auditing and Controls Optimisation 9
  • 10. Benefits of Improved Process • Automated reports with audit trails identifying exceptions to controls and mitigation uses • Reduced cost of monitoring controls • Reduction of over 3,000 violations within a 60 day period • Closed out 2 audit findings related to excessive access and monitoring • Provided a common data set for Finance, IT Security, Business Controls, and SAP team to drive improvement Continuous Auditing and Controls Optimisation 10
  • 11. Reduced SOD Violations by Two Thirds in Less than two Months High Priority Segregation of Duties Violations Sept 27 to Nov 30 3,600 3,500 3,000 2,500 2,000 1,500 1,000 427 500 0 Sept 27 Oct 10 Oct 31 Nov 15 30-Nov Continuous Auditing and Controls Optimisation 11
  • 12. Identifying opportunity for Automation • Implement automated workflow for role approval, on- boarding process and SOD waiver process: – Reduce high-cost co-sourcing support . – Reduce manual process such as Excel spreadsheet and .PST administration (for audit). Continuous Auditing and Controls Optimisation 12
  • 13. CONTINUOUS AUDITING FOR FRAUD DETECTION Continuous Auditing and Controls Optimisation 13
  • 14. Identify Fraud using Continuous Auditing – Fraud Analysis – A simple analysis of data such as payroll, employee, vendor, accounts payable, and accounts receivable can help determine if fraud is occurring. – Payroll Fraud • Duplicates (i.e. payees on same date, same or similar names, SSNs, direct deposit account numbers) • Paychecks being created for employees that have no time and attendance, invalid SSN, no expenses, no vacation, little or scare personnel records, etc • Wages inconsistent with job classification • Pay date precedes employment date • Terminated employees continuing to be paid – Purchasing Fraud • Duplicate disbursement amounts • Duplicate invoice numbers/dates • Duplicate disbursements on same date • Disbursement to vendor not in vendor database • Vendor name/address/phone # same as employee name/address/phone # • Invoice’s “pay to” address different from address in vendor or contract database Continuous Auditing and Controls Optimisation 14
  • 15. Fraud – Use Benford’s Law to identify anomalous transactions in: • Accounts payable and expenses • Accounts receivable and sales • Refunds • Payroll • Estimations in the general ledger – Invented, contrived, or manipulated numbers do not follow Benford’s Law – Doesn’t apply to all data sets • i.e. sets of data with numbers that have imposed ceilings or floors such as IRA contributions or hourly wage rates – Human analysis of anomalies is needed Continuous Auditing and Controls Optimisation 15