Improve Regulatory Compliance & Risk Management Using Best Practices
Continuous Auditing And Process Optimisation
1. Continuous Auditing & Control Optimisation
Amit Gupta
Partner, 3U
FCA, GCWA, ISA (ICAI), CISSP, CEH
Email:gupta_amitu@gmail.com
M-+91-9313099056
Continuous Auditing and Controls Optimisation 1
2. Traditional Audit Model Is Becoming Outdated
• Does it meet the needs of those who pay for it, rely upon it or provide it?
• Historical audits have not proven to be effective deterrents to financial fraud
• Sampling misses anomalies
• Need more timely audit results
• The cost of an audit may become prohibitive
• Public skepticism about corporate integrity has increased
3. Staying In Compliance
“What Most Companies Will Follow?”
• Automate/optimize controls
• Automate audit process through Continuous Auditing
• Implement & maintain a process or structure to identify significant changes to your business & significant changes to your controls
• Keep your process & control documentation current
• Pass the test with your external auditors
4. Expected Outcomes of Continuous Auditing & Optimization
• Clearly articulated tone at the top and stronger control environment
• Risk-based, top-down approach to determine “in scope” accounts
• Identification of key controls that will prevent or detect material errors
• Controls that are operationally efficient, cost effective, and integrated into daily operations
• Streamlined and clearly documented processes
• Streamlined testing, remediation, and monitoring approaches
Stronger Internal Controls over Financial Reporting
Decreasing levels of effort to sustain compliance
5. The Future with Continuous Auditing & Optimization
Diagram labels: Top-Down Risk-Based Review; Current Effort; Reduce; Continuous Auditing; Automate/Optimize control; Future Effort

                                           Current Effort   Future Effort
Significant Accounts & Related Processes        10%               5%
Key Controls                                    15%              10%
Process Controls                                10%              10%
Documentation                                   40%              20%
Testing                                         35%              20%
Total                                          100%              65%
Efficiency*                                                      35%

*For illustrative purposes only. Actual efficiencies gained will vary based on individual organization circumstances.
6. Benefits of Continuous Auditing
• Process Owners react to problems/opportunities that are quantified
• Identification of business process improvement opportunities
• Improved likelihood of detecting material errors
• Timely identification of issues allows rapid resolution
• Better, more current information for decision making
• Easier compliance with regulations
• More comprehensive audit coverage
• Better quality data and processes
• Greater deterrence of fraud and other undesirable behaviors
7. Key Continuous Auditing (CA) Milestones
Now • Management Committee endorsement
• Application of analytics to data
• Designation of CA partner
• Initial client value proposition statement
1M • Identification of pilot unit/area
• Audit policy development
2M • Development of client data acquisition system
• Development of advanced analytic engine
4M • Client trials of new technologies and audit methods
• Audit operational plans
8M • Roll out
Legend (difficulty): Easy, Challenging, Really Hard
8. Business Deliverables
• Short Term Offerings – Available now
– Data quality assessment
– Audit planning system
– Expanded use of analytic techniques in ongoing audits
• Medium Term
– Deliver higher quality audit with reduced effort
– Reduce audit risk
– Delivering more value to business
– Change business model of audit
9. CONTINUOUS AUDITING FOR SEGREGATION OF DUTIES
10. Benefits of Improved Process
• Automated reports with audit trails identifying exceptions to controls and mitigation uses
• Reduced cost of monitoring controls
• Reduction of over 3,000 violations within a 60 day period
• Closed out 2 audit findings related to excessive access and monitoring
• Provided a common data set for Finance, IT Security, Business Controls, and SAP team to drive improvement
11. Reduced SOD Violations by Two Thirds in Less than two Months
[Chart: High Priority Segregation of Duties Violations, Sept 27 to Nov 30. Y-axis 0 to 3,500; x-axis Sept 27, Oct 10, Oct 31, Nov 15, Nov 30; labelled values 3,600 and 427.]
12. Identifying opportunity for Automation
• Implement automated workflow for role approval, on-boarding process and SOD waiver process:
– Reduce high-cost co-sourcing support.
– Reduce manual process such as Excel spreadsheet and .PST administration (for audit).
14. Identify Fraud using Continuous Auditing
– Fraud Analysis – A simple analysis of data such as payroll, employee, vendor, accounts payable, and accounts receivable can help determine if fraud is occurring.
– Payroll Fraud
• Duplicates (i.e. payees on same date, same or similar names, SSNs, direct deposit account numbers)
• Paychecks being created for employees that have no time and attendance, invalid SSN, no expenses, no vacation, little or scarce personnel records, etc.
• Wages inconsistent with job classification
• Pay date precedes employment date
• Terminated employees continuing to be paid
– Purchasing Fraud
• Duplicate disbursement amounts
• Duplicate invoice numbers/dates
• Duplicate disbursements on same date
• Disbursement to vendor not in vendor database
• Vendor name/address/phone # same as employee name/address/phone #
• Invoice’s “pay to” address different from address in vendor or contract database
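Several of the payroll and purchasing tests listed above, run as exception reports over a full data set rather than a sample. This is an added example, not part of the original deck; the record layouts, field names and sample rows are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records (not from the deck).
EMPLOYEES = {
    "E1": {"address": "12 Lake Rd", "hired": date(2020, 1, 6), "terminated": None},
    "E2": {"address": "9 Hill St", "hired": date(2023, 3, 1), "terminated": date(2023, 9, 30)},
}
VENDORS = {"V1": {"address": "4 Dock Ln"}, "V2": {"address": " 9 hill st"}}
PAYROLL = [("E1", date(2023, 10, 31)), ("E2", date(2023, 10, 31)),
           ("E2", date(2023, 2, 15)), ("E7", date(2023, 10, 31))]
PAYMENTS = [  # (payment id, vendor id, invoice number, amount, payment date)
    ("P1", "V1", "INV-100", 5000.00, date(2023, 10, 2)),
    ("P2", "V1", "INV-100", 5000.00, date(2023, 10, 9)),
    ("P3", "V2", "INV-7", 1200.00, date(2023, 10, 5)),
    ("P4", "V9", "INV-8", 800.00, date(2023, 10, 6)),
]

def norm(text):
    # Case- and whitespace-insensitive key for address matching.
    return " ".join(text.lower().split())

def payroll_exceptions(payroll, employees):
    out = []
    for emp_id, pay_date in payroll:
        emp = employees.get(emp_id)
        if emp is None:
            out.append((emp_id, pay_date, "no personnel record"))
        elif pay_date < emp["hired"]:
            out.append((emp_id, pay_date, "pay date precedes employment date"))
        elif emp["terminated"] and pay_date > emp["terminated"]:
            out.append((emp_id, pay_date, "terminated employee paid"))
    return out

def purchasing_exceptions(payments, vendors, employees):
    out, by_invoice = [], defaultdict(list)
    staff_addresses = {norm(e["address"]) for e in employees.values()}
    for pid, vid, invoice, amount, paid in payments:
        if vid not in vendors:
            out.append((pid, "vendor not in vendor database"))
        elif norm(vendors[vid]["address"]) in staff_addresses:
            out.append((pid, "vendor address matches an employee address"))
        by_invoice[(vid, invoice)].append(pid)
    for pids in by_invoice.values():
        out += [(pid, "duplicate invoice number") for pid in pids[1:]]
    return out
```

Each exception is a lead for a reviewer to follow up, not a finding in itself: a re-issued payment or a vendor that legitimately shares an address with an employee will also appear.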
15. Fraud
– Use Benford’s Law to identify anomalous transactions in:
• Accounts payable and expenses
• Accounts receivable and sales
• Refunds
• Payroll
• Estimations in the general ledger
– Invented, contrived, or manipulated numbers do not follow Benford’s Law
– Doesn’t apply to all data sets
• i.e. sets of data with numbers that have imposed ceilings or floors such as IRA contributions or hourly wage rates
– Human analysis of anomalies is needed
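A first-digit Benford test for the slide above, including its caveat about bounded data. This is an added example, not part of the original deck; the sample data sets are constructed, and the `min_span` guard (skip sets whose values span less than two orders of magnitude) is an assumed rule of thumb, not a threshold from the deck.

```python
import math
from collections import Counter

# Benford's expected share of leading digit d: log10(1 + 1/d)
EXPECTED = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL = 15.507  # chi-square, 8 degrees of freedom, 5% significance

def first_digit(x):
    """Leading non-zero digit of a non-zero number."""
    return int(f"{abs(x):.15e}"[0])

def benford_test(amounts, min_span=100):
    """Return (status, chi2, digit with the largest excess over Benford)."""
    values = [abs(a) for a in amounts if a]
    # Assumed rule of thumb: sets confined to a narrow range (floors or
    # ceilings) are out of scope, so report that instead of a false alarm.
    if not values or max(values) / min(values) < min_span:
        return ("not applicable", None, None)
    counts = Counter(first_digit(v) for v in values)
    n = len(values)
    chi2 = sum((counts[d] - n * p) ** 2 / (n * p) for d, p in EXPECTED.items())
    worst = max(EXPECTED, key=lambda d: counts[d] - n * EXPECTED[d])
    status = "review" if chi2 > CHI2_CRITICAL else "consistent"
    return (status, round(chi2, 2), worst)

# Constructed samples (not from the deck).
natural = [10 ** (k / 50) for k in range(200)]      # spans four orders of magnitude
padded = natural + [4900 + k for k in range(60)]    # 60 invented amounts near 4,9xx
hourly_rates = [12 + (k % 8) for k in range(200)]   # bounded by a floor and a ceiling

if __name__ == "__main__":
    for name, data in [("natural", natural), ("padded", padded),
                       ("hourly_rates", hourly_rates)]:
        print(name, benford_test(data))
```

The digit returned for a "review" result tells the analyst which transactions to pull first; the test only narrows the population for human analysis.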