SlideShare a Scribd company logo

Data Analytics 3 Analytics Techniques

Jim Kaplan CIA CFE
Jim Kaplan CIA CFE

Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools. While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques. Webinar 3 Analytics Techniques Conducting the Audit Obtaining Information from IT Systems for Analysis Use of Computer Assisted Audit Techniques Analysis of Big Data Results Analysis and Validation Fraud Detection using Data Analysis Root Cause Analysis

Data & Analytics
1 of 34
Download to read offline
3/27/2019 1 Data Analytics - 3 Analytics Techniques based on Data Analytics for Internal Auditors by Richard Cascarino About Jim Kaplan, CIA, CFE  President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices)  Auditor, Web Site Guru,  Internet for Auditors Pioneer  Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.  Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 2 1 2
3/27/2019 2 About AuditNet® LLC • AuditNet®, the global resource for auditors, is available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 3,000 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Training without Travel Webinars focusing on fraud, data analytics, IT audit, and internal audit • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors • NASBA Approved CPE Sponsor Introductions Page 3 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC 3 4
3/27/2019 3 About Richard Cascarino, MBA, CIA, CISM, CFE, CRMA • Principal of Richard Cascarino & Associates based in Colorado USA • Over 28 years experience in IT audit training and consultancy • Past President of the Institute of Internal Auditors in South Africa • Member of ISACA • Member of Association of Certified Fraud Examiners • Author of Data Analytics for Internal Auditors 5 Today’s Agenda  Analysis of Big Data  Big Data Structures  OLAP  Statistical Analysis and Big Data  Results Analysis and Validation  Substantive Analytical Procedures  Validation  Questionnaire Analysis and Likert Scales  Statistical Reliability Analysis  Fraud Detection using Data Analysis  Red Flags and Indicators  Nature of Computer Fraud  Seeking Fraud Evidence  Planning the Fraud Analysis  Common mistakes in Forensic Analysis  Root Cause Analysis Page 6 5 6
3/27/2019 4 Apache Hadoop  Hadoop Common - contains libraries and utilities needed by other Hadoop modules  Hadoop Distributed File System (HDFS) - a distributed file-system that stores data on commodity machines, providing very high aggregate bandwidth across the cluster.  Hadoop YARN - a resource-management platform responsible for managing compute resources in clusters and using them for scheduling of users' applications.  Hadoop MapReduce - a programming model for large scale data processing. Hadoop Core Components  Hadoop Distributed File System (HDFS)  Massive redundant storage across a commodity cluster  MapReduce  Map: distribute a computational problem across a cluster  Reduce: Master node collects the answers to all the sub-problems and combines them  Many distros available 7 8
3/27/2019 5 Hadoop & Databases Deficiencies of Traditional Approach  Retrospective view analysis frequently occurs long after transaction has taken place, too late for action  Lack of timely visibility into control risks and deficiencies  Alternatively Independently test all transactions for compliance with controls at, or soon after, point at which they occur Not feasible with Big Data 9 10
3/27/2019 6 Control Objectives Haven’t Changed  Accuracy  Authorization  Completeness  Validity  Efficiency and Effectiveness  Segregation of Duties  Regulatory Compliance Continuous Auditing can be used for  Continuous control assessment Identification of control deficiencies Identification of fraud, waste, abuse  Continuous risk assessment Examination of consistency of processes Development of enterprise audit plan Support to individual audits Follow-up on audit recommendations 11 12
3/27/2019 7 Required to Audit /Examine  Identify the control objectives for each business process area  Establish tests that, using transactional data analysis, will validate the achievement of each control objective  Establish tests that will identify suspect transactions, using transactional profiling techniques  Subject all transactions to a test bed of interrogations on a regular, timely basis  Identify all transactions that fail the metrics  Notify the appropriate personnel  Investigate any discrepancies and, as appropriate, Correct the transactions Correct the control problem Required of Continuous Auditing  Able to access and normalize disparate data from across the enterprise  Offer comprehensive range of tests to effectively address control objectives  Provide flexibility of tests as control opportunities change  Provide timely testing of data and reporting of results  Handle large transactional volumes with no negative impact on operational system performance  Provide variable parameters for tests  Provide for alert notifications  Maintain security and integrity of tests and results 13 14
3/27/2019 8 Challenges for the Auditor / Examiner  Obtaining appropriate data access  Defining appropriate measurement metrics  Setting appropriate thresholds for exceptions reporting  Developing appropriate metrics to prioritize exceptions  Minimizing impact on systems’ operational performance Where to Start  Establish audit objectives and requirements  Gain executive-level support  Ascertain degree to which management is performing monitoring role  Select appropriate technology solutions  Identify information sources and gain access  Understand business processes and identify key controls and risks  Build audit skill set  Manage and report results 15 16
3/27/2019 9 Implement Repetitive Scripts Timing  Extensive front-end work required  Monitoring of system changes  Alarm based intervention Defining the appropriate metrics  Automated interim work  Continuous confirmation  Detailed testing only when exceptions noted 17 18
3/27/2019 10 OLAP Conceptual Data Model  Goal of OLAP is to support ad-hoc querying for the business analyst  Business analysts are familiar with spreadsheets  Extend spreadsheet analysis model to work with warehouse data  Multidimensional view of data is the foundation of OLAP OLAP Data Warehouse vs. Data Marts 20 CS 336  Enterprise warehouse: collects all information about subjects (customers,products,sales,assets, personnel) that span the entire organization Requires extensive business modeling (may take years to design and build)  Data Marts: Departmental subsets that focus on selected subjects Marketing data mart: customer, product, sales Faster roll out, but complex integration in the long run  Virtual warehouse: views over operational dbs Materialize sel. summary views for efficient query processing Easy to build but require excess capability on operat. db servers 19 20
3/27/2019 11  On-Line Transaction Processing (OLTP):  technology used to perform updates on operational or transactional systems (e.g., point of sale systems)  On-Line Analytical Processing (OLAP):  technology used to perform complex analysis of the data in a data warehouse  OLAP is a category of software technology that enables analysts, managers, and executives to gain insight into data through fast, consistent, interactive access to a wide variety of possible views of information that has been transformed from raw data to reflect the dimensionality of the enterprise as understood by the user. [source: OLAP Council: www.olapcouncil.org] OLTP vs. OLAP OLTP vs. OLAP  Clerk, IT Professional  Day to day operations  Application-oriented (E-R based)  Current, Isolated  Detailed, Flat relational  Structured, Repetitive  Short, Simple transaction  Read/write  Index/hash on prim. Key  Tens  Thousands  100 MB-GB  Trans. throughput  Knowledge worker  Decision support  Subject-oriented (Star, snowflake)  Historical, Consolidated  Summarized, Multidimensional  Ad hoc  Complex query  Read Mostly  Lots of Scans  Millions  Hundreds  100GB-TB  Query throughput, response User Function DB Design Data View Usage Unit of work Access Operations # Records accessed #Users Db size Metric OLTP OLAP Source: Datta, GT 21 22
3/27/2019 12 Approaches to OLAP Servers  Multidimensional OLAP (MOLAP) Array-based storage structures Direct access to array data structures Example: Essbase (Arbor)  Relational OLAP (ROLAP) Relational and Specialized Relational DBMS to store and manage warehouse data OLAP middleware to support missing pieces Optimize for each DBMS backend Aggregation Navigation Logic Additional tools and services Example: Microstrategy, MetaCube (Informix) The Complete Decision Support System 24 Information Sources Data Warehouse Server (Tier 1) OLAP Servers (Tier 2) Clients (Tier 3) Operational DB’s Semistructured Sources extract transform load refresh etc. Data Marts Data Warehouse e.g., MOLAP e.g., ROLAP serve Analysis Query/Reporting Data Mining serve serve 23 24
3/27/2019 13 Tools: Warehouse Servers  The RDBMS dominates: Oracle 8i/9i IBM DB2 Microsoft SQL Server Informix (IBM) Red Brick Warehouse (Informix/IBM) NCR Teradata Sybase… Tools: OLAP Servers  Support multidimensional OLAP queries  Often characterized by how the underlying data stored  Relational OLAP (ROLAP) Servers Data stored in relational tables Examples: Microstrategy Intelligence Server, MetaCube (Informix/IBM)  Multidimensional OLAP (MOLAP) Servers Data stored in array-based structures Examples: Hyperion Essbase, Fusion (Information Builders)  Hybrid OLAP (HOLAP) Examples: PowerPlay (Cognos), Brio, Microsoft Analysis Services, Oracle Advanced Analytic Services 25 26
3/27/2019 14 Statistical Analysis  Big Data and Analytics is generally thought to be about: Business Intelligence and Analytics Computational Science  But also includes: Demographic Analysis Geointelligence: Spatial Analysis The Grand Challenges in Science Medicine: Processing 3-D hyperspectral high resolution images for diagnostics, genomic research, Proteonomics, etc. Media Analysis: Processing text, audio, video, imagery And much, much more ….. Advanced Analytics  Go beyond data mining and statistical processing methods encompass logic-based methods, qualitative analytics, and non- statistical quantitative methods.  Diverse set of techniques that require new software architectures and application frameworks to solve complex problems.  New metrics focus on the contributions of the value of the analysis as a holistic result are required to assess and evaluate the outcomes of advanced analytics. 28 27 28
3/27/2019 15 Types of Analytics  Descriptive: A set of techniques for reviewing and examining the data set(s) to understand the data and analyze business performance.  Diagnostic: A set of techniques for determine what has happened and why  Predictive: A set of techniques that analyze current and historical data to determine what is most likely to (not) happen  Prescriptive: A set of techniques for computationally developing and analyzing alternatives that can become courses of action – either tactical or strategic – that may discover the unexpected  Decisive: A set of techniques for visualizing information and recommending courses of action to facilitate human decision-making when presented with a set of alternatives. 30 Analytics and Assertions Assertions  Existence or Occurrence  Completeness  Rights & Obligations  Valuation or Allocation  Presentation & Disclosure 29 30
3/27/2019 16 31 Substantive Tests  Tests of details Transactions Balances  Analytical tests 32 Analytical Procedures  Evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data SAS No. 56 31 32
3/27/2019 17 33 Tests of Details VS. Analytical Tests  Comparisons Tests of details tests all 5 assertions but analytical procedures do not support existence or rights & obligations Analytical procedures are high level tests Tests of details lead to conclusions about aggregated data but analytical procedures test aggregated data GBW 8th ed., Ch. 6 Types of Analytical Procedures  Trend analysis  Ratio analysis Activity ratios Profitability ratios Liquidity ratios Solvency ratios  Modeling Statistical tests, i.e., regression 33 34
3/27/2019 18 Data Validation  Process by which the auditor verifies the accuracy and completeness of information obtained or derived prior to analysis  Inconsistencies identified at this stage need to be examined and, where appropriate, corrected prior to the actual analysis taking place 35 Validation may be done by  Data Type Validation  Format checking  Length checking  Existence checks  Range checks  Cross-reference verification  Referential integrity validation  Check digit validation  Data Cardinality  Hash checking  Data field uniqueness validation 36 35 36
3/27/2019 19 Questionnaire Analysis and Likert Scales 37 Likert  commonly associated with interval data The difference between +2 and +1 is the same as the difference between +1 and 0)  Although the response levels have relative position they are not interval scales and cannot be treated as such from a statistical standpoint Average of Strongly Agree and Agree cannot be said to be Agree and ½ 38 37 38
3/27/2019 20 Statistical Reliability  Whether it produces identical results in repeated applications Stability  Ensuring consistent results with repeated measurement on the same scale Equivalence  Determining how much error was introduced by different investigators or different samples Internal Consistency  Considers the consistency or homogeneity among the items of an instrument  External Validity measures the ability to be generalised 39 Internal Validity  Content or Face Validity determines whether the measuring instrument provides adequate coverage of the topic  Criterion-related Validity determines the success of the measures used for empirical estimating purposes  Construct Validity both Convergent and Discriminant involve comparison to previously assessed results  Measured by: Cronbach’s alpha (or coefficient alpha) 40 39 40
3/27/2019 21 “Fraud and deceit abound in these days more than in former times”. SIR EDWARD COKE Twyne's Case (1602) Occupational Fraud and Abuse Asset Misappropriations Corruption Fraudulent Statements Conflicts of Interest Bribery Illegal Gratuities Economic Extortion Inventory & All Other Assets Cash Nonfinancial Financial 41 42
3/27/2019 22 Jargon Skimming: Taking funds before they are recorded into company records Cash Larceny: Taking funds (e.g., check) that company recorded as going to another party Lapping: Theft is covered with another person’s check (and so on) Check Tampering: Forged or altered check for gain Shell Company: Payments made to fake company Payroll Manipulation: Ghost employees, falsified hours, understated leave/vacation time Fraudulent Write-off: Useful assets written off as junk Collusion: Two or more employees or employee & vendor defraud together False Shipping Orders or Missing/Defective Receiving Record: Inventory theft 43 Nature of Computer Fraud Trojan Horse / Logic Bombs / Trap Doors Use of Unauthorized Coding Salami Techniques A small amount from everyone Viruses Mainframe as well as Micro Sabotage and Industrial Espionage Degrading Systems Performance Leaking Confidential Information Management Fraud Cooked Books 44 43 44
3/27/2019 23 Fraud Example 45 Dummy 1 Dummy 5Dummy 2 Dummy 3 Dummy 4 Customer Account Aus UK Switz HK USA Timescale  Over 15 years  Discovered by accident  +/- $ 300m  Multiple Country  Multiple Banks  Using a variety of IT 46 45 46
3/27/2019 24 From Excel 47 And Also 48 47 48
3/27/2019 25 Into IDEA 49 And More 50 49 50
3/27/2019 26 Detection  Commonly detected by Operating performance anomalies.  Organisational Structure.  Management characteristics.  Accounting anomalies.  Internal control weaknesses.  Analytical anomalies.  Unusual behaviour. 51 Methodology  Pre-incident Preparation  Detection of incidents  Initial response  Response strategy formulation  Forensic Backups  Investigation  Security restoration implementation  Network monitoring  Recovery  Reporting  Follow-up 52 51 52
3/27/2019 27 IT Forensic Jargon Evidence media  The original media to be investigated Target media  the media duplicated onto Restored image  copy of the forensic image restored to its original bootable form Native operating system  the OS used on the restored image Live analysis  analysis conducted on the actual evidence media Offline analysis  analysis conducted using the target media or restored image 53 Forensic Analysis  Physical Analysis String search DOS-based StringSearch - http://www.maresware.com Search and extract eg $4A $46 $49 $46 $00 $01 is start of a JPEG file http://www.wotsit.org File slack and free space extraction http://www.nti.com  Logical Analysis Logical File space Slack space Unallocated space 54 53 54
3/27/2019 28 Computer Evidence... ...is like any other evidence, it must be:  admissible  authentic  accurate  complete  convincing to juries Computer Evidence... authentic  can we explicitly link files, data to specific individuals and events? access control logging, audit logs collateral evidence crypto-based authentication 55 56
3/27/2019 29 Computer Evidence... accurate  reliability of computer process not data content  can we explain how an exhibit came into being? what does the computer system do? what are its inputs? what are the internal processes? what are the controls? 58 Authentication  Must offer evidence “sufficient to support a finding that the [computer record or other evidence] in question is what its proponent claims.”  Degree of authentication does not vary simply because a record happens to be (or has been at one point) in electronic form  Challenges to authenticity  Were the records altered, manipulated or damaged after they were created?  Courts are skeptical of unsupported claims or alteration  Reliability of the computer program that generated the records  Program routinely relied upon in the normal course of business  Identity of the author of the records  Corroborate with circumstantial evidence 57 58
3/27/2019 30 59 Hearsay Problems  Computer records may or may not be “hearsay evidence” Contents of records with assertions attributed to a third party and presented as evidence may be considered hearsay Documents written by a person and produced by the computer Computer generated records where humans were not involved in any way (i.e., internally generated by the computer) are not hearsay Logs The Business Records Rule  “Records of regularly conducted activity. A memorandum, report, record, or data compilation, in any form, of acts, events, conditions, opinions, or diagnoses, made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a regularly conducted business activity, and if it was the regular practice of that business activity to make the memorandum, report, record, or data compilation, all as shown by the testimony of the custodian or other qualified witness, or by certification that complies with Rule 902(11),Rule 902(12), or a statute permitting certification, unless the source of information or the method or circumstances of preparation indicate lack of trustworthiness.”  -- Fed. R. Evid. 803(6) 60 59 60
3/27/2019 31 Common Mistakes  Ensure that proper documentation is maintained of all processes carried out in the execution of the analysis  Failing to control the digital  Altering date and time stamps on evidence systems before recording them  Using un-trusted commands and tools  Accidentally overwriting evidence when installing audit interrogation tools  Termination of rogue processes prematurely 61 “It’s just a non-transaction. It’s an error. It’s a back office glitch. Don’t worry about it!” JAMES BAX (BARINGS BANK) 61 62
3/27/2019 32 Root Cause Analysis  The fishbone diagram (Ishikawa Diagram) 63 Root Cause Analysis  Process mapping each step of a process is mapped out so that problem areas/bottlenecks in the process can be identified and improved.  The five why’s asking the question why something has happened five times – each times drilling down further to get to the root cause of the problem.  Tree diagrams in which the auditor will state the problem with causes listed as branches to the right of the problem. Causes continue to be clarified drawing additional branches to the right until each branch reaches its logical end. 64 63 64
3/27/2019 33 Root Cause Analysis  Event and causal factor analysis An extended version of the Ishikawa diagram used for multifaceted problems or for the analysis of long and complex causal factor chains  Pareto analysis named after the Italian economist Vilfredo Pareto (1907) described the unequal wealth of the country in terms that 20% of the population owned 80% of the resources  Change analysis used when a problem is obscure, typically a single occurrence, and focuses on those items in the environment which have changed since the non-problematic state 65 Questions? Any Questions? Don’t be Shy! 65 66
3/27/2019 34 AuditNet® and cRisk Academy If you would like forever access to this webinar recording If you are watching the recording, and would like to obtain CPE credit for this webinar Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacade my.com Use coupon code: 50OFF for a discount on this webinar for one week Thank You! Jim Kaplan AuditNet® LLC 1-800-385-1625 Email:info@auditnet.org www.auditnet.org Follow Me on Twitter for Special Offers - @auditnet Join my LinkedIn Group – https://www.linkedin.com/groups/44252/ Like my Facebook business page https://www.facebook.com/pg/AuditNetLLC Richard Cascarino & Associates Cell: +1 970 819 7963 Tel +1 303 747 6087 (Skype Worldwide) Tel: +1 970 367 5429 eMail: rcasc@rcascarino.com Web: http://www.rcascarino.com Skype: Richard.Cascarino Page 68 67 68

Recommended

Data Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringData Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and Monitoring
Jim Kaplan CIA CFE
 
Data analytics for auditors Using the Analysis
Data analytics for auditors Using the AnalysisData analytics for auditors Using the Analysis
Data analytics for auditors Using the Analysis
Jim Kaplan CIA CFE
 
Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides
Jim Kaplan CIA CFE
 
Data Analytics for Auditors Data Analytics Software
Data Analytics for Auditors Data Analytics Software Data Analytics for Auditors Data Analytics Software
Data Analytics for Auditors Data Analytics Software
Jim Kaplan CIA CFE
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guide
AstalapulosListestos
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
Jim Kaplan CIA CFE
 
20150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv220150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv2
Jim Kaplan CIA CFE
 
Leveraging Technology Using Keyword Analytics in Fraud and Compliance Monitoring
Leveraging Technology Using Keyword Analytics in Fraud and Compliance MonitoringLeveraging Technology Using Keyword Analytics in Fraud and Compliance Monitoring
Leveraging Technology Using Keyword Analytics in Fraud and Compliance Monitoring
Jim Kaplan CIA CFE
 

Recommended

Data Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringData Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and Monitoring
Jim Kaplan CIA CFE
 
Data analytics for auditors Using the Analysis
Data analytics for auditors Using the AnalysisData analytics for auditors Using the Analysis
Data analytics for auditors Using the Analysis
Jim Kaplan CIA CFE
 
Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides
Jim Kaplan CIA CFE
 
Data Analytics for Auditors Data Analytics Software
Data Analytics for Auditors Data Analytics Software Data Analytics for Auditors Data Analytics Software
Data Analytics for Auditors Data Analytics Software
Jim Kaplan CIA CFE
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guide
AstalapulosListestos
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
Jim Kaplan CIA CFE
 
20150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv220150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv2
Jim Kaplan CIA CFE
 
Leveraging Technology Using Keyword Analytics in Fraud and Compliance Monitoring
Leveraging Technology Using Keyword Analytics in Fraud and Compliance MonitoringLeveraging Technology Using Keyword Analytics in Fraud and Compliance Monitoring
Leveraging Technology Using Keyword Analytics in Fraud and Compliance Monitoring
Jim Kaplan CIA CFE
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaire
AstalapulosListestos
 
Acams lv presentation attivio
Acams lv presentation attivioAcams lv presentation attivio
Acams lv presentation attivio
Jane Zupan
 
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
Erin Lally
 
Sure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsSure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data Analytics
Jim Kaplan CIA CFE
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring Solutions
Francois Combrinck CBAP
 
eob_dec14.artok
eob_dec14.artokeob_dec14.artok
eob_dec14.artok
Andrew Simpson
 
Ignorance Is Risk
Ignorance Is RiskIgnorance Is Risk
Ignorance Is Risk
Jeromie Jackson
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
AstalapulosListestos
 
Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316
Eric Morehead
 
Petronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System RequirementsPetronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System Requirements
Darren Surin, BSc, MBA, PMP, ITIL
 
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best PracticeThird Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
DVV Solutions Third Party Risk Management
 
It alignment-who-is-in-charge
It alignment-who-is-in-chargeIt alignment-who-is-in-charge
It alignment-who-is-in-charge
Tapas Bhattacharya
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection
Jim Kaplan CIA CFE
 
4 best practices_using finance applications for better process efficiencies
4 best practices_using finance applications for better process efficiencies4 best practices_using finance applications for better process efficiencies
4 best practices_using finance applications for better process efficiencies
Kaizenlogcom
 
Presentation Influencing Factors
Presentation Influencing FactorsPresentation Influencing Factors
Presentation Influencing Factors
taco_dols
 
It12015
It12015It12015
It12015
Jim Kaplan CIA CFE
 
Data analytics software selection and implementation
Data analytics software selection and implementationData analytics software selection and implementation
Data analytics software selection and implementation
Jim Kaplan CIA CFE
 
Building Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLBuilding Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACL
Jim Kaplan CIA CFE
 
Best Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your AuditsBest Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your Audits
FraudBusters
 
Building continuous auditing capabilities
Building continuous auditing capabilitiesBuilding continuous auditing capabilities
Building continuous auditing capabilities
Wafaa N. AbuSadah
 
Internal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA ProgramInternal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA Program
Auxis Consulting & Outsourcing
 
Presentation in ACL Connections in Atlanta - April 2013
Presentation in ACL Connections in Atlanta - April 2013Presentation in ACL Connections in Atlanta - April 2013
Presentation in ACL Connections in Atlanta - April 2013
mcoello
 

More Related Content

What's hot

Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaire
AstalapulosListestos
 
Acams lv presentation attivio
Acams lv presentation attivioAcams lv presentation attivio
Acams lv presentation attivio
Jane Zupan
 
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
Erin Lally
 
Sure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsSure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data Analytics
Jim Kaplan CIA CFE
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring Solutions
Francois Combrinck CBAP
 
eob_dec14.artok
eob_dec14.artokeob_dec14.artok
eob_dec14.artok
Andrew Simpson
 
Ignorance Is Risk
Ignorance Is RiskIgnorance Is Risk
Ignorance Is Risk
Jeromie Jackson
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
AstalapulosListestos
 
Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316
Eric Morehead
 
Petronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System RequirementsPetronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System Requirements
Darren Surin, BSc, MBA, PMP, ITIL
 
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best PracticeThird Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
DVV Solutions Third Party Risk Management
 
It alignment-who-is-in-charge
It alignment-who-is-in-chargeIt alignment-who-is-in-charge
It alignment-who-is-in-charge
Tapas Bhattacharya
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection
Jim Kaplan CIA CFE
 
4 best practices_using finance applications for better process efficiencies
4 best practices_using finance applications for better process efficiencies4 best practices_using finance applications for better process efficiencies
4 best practices_using finance applications for better process efficiencies
Kaizenlogcom
 
Presentation Influencing Factors
Presentation Influencing FactorsPresentation Influencing Factors
Presentation Influencing Factors
taco_dols
 
It12015
It12015It12015
It12015
Jim Kaplan CIA CFE
 

What's hot (16)

Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaire
 
Acams lv presentation attivio
Acams lv presentation attivioAcams lv presentation attivio
Acams lv presentation attivio
 
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
Achieving Compliance Efficiencies Amid Heightened Regulatory Scruntiny
 
Sure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsSure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data Analytics
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring Solutions
 
eob_dec14.artok
eob_dec14.artokeob_dec14.artok
eob_dec14.artok
 
Ignorance Is Risk
Ignorance Is RiskIgnorance Is Risk
Ignorance Is Risk
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
 
Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316
 
Petronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System RequirementsPetronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System Requirements
 
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best PracticeThird Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
 
It alignment-who-is-in-charge
It alignment-who-is-in-chargeIt alignment-who-is-in-charge
It alignment-who-is-in-charge
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection
 
4 best practices_using finance applications for better process efficiencies
4 best practices_using finance applications for better process efficiencies4 best practices_using finance applications for better process efficiencies
4 best practices_using finance applications for better process efficiencies
 
Presentation Influencing Factors
Presentation Influencing FactorsPresentation Influencing Factors
Presentation Influencing Factors
 
It12015
It12015It12015
It12015
 

Similar to Data Analytics 3 Analytics Techniques

Data analytics software selection and implementation
Data analytics software selection and implementationData analytics software selection and implementation
Data analytics software selection and implementation
Jim Kaplan CIA CFE
 
Building Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLBuilding Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACL
Jim Kaplan CIA CFE
 
Best Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your AuditsBest Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your Audits
FraudBusters
 
Building continuous auditing capabilities
Building continuous auditing capabilitiesBuilding continuous auditing capabilities
Building continuous auditing capabilities
Wafaa N. AbuSadah
 
Internal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA ProgramInternal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA Program
Auxis Consulting & Outsourcing
 
Presentation in ACL Connections in Atlanta - April 2013
Presentation in ACL Connections in Atlanta - April 2013Presentation in ACL Connections in Atlanta - April 2013
Presentation in ACL Connections in Atlanta - April 2013
mcoello
 
Get your data analytics strategy right!
Get your data analytics strategy right!Get your data analytics strategy right!
Get your data analytics strategy right!
SPAN Infotech (India) Pvt Ltd
 
Introduction to Business Intelligence
Introduction to Business IntelligenceIntroduction to Business Intelligence
Introduction to Business Intelligence
Almog Ramrajkar
 
Business inteligence
Business inteligenceBusiness inteligence
Business inteligence
Mufaddal Nullwala
 
Too much data and not enough analytics!
Too much data and not enough analytics!Too much data and not enough analytics!
Too much data and not enough analytics!
Emma Kelly
 
Leverage Sage Business Intelligence for Your Organization
Leverage Sage Business Intelligence for Your OrganizationLeverage Sage Business Intelligence for Your Organization
Leverage Sage Business Intelligence for Your Organization
RKLeSolutions
 
CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)
rkhasua004
 
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No ShoesCarolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
centralohioissa
 
Machine Data Analytics
Machine Data AnalyticsMachine Data Analytics
Machine Data Analytics
Nicolas Morales
 
Data Quality Management: Cleaner Data, Better Reporting
Data Quality Management: Cleaner Data, Better ReportingData Quality Management: Cleaner Data, Better Reporting
Data Quality Management: Cleaner Data, Better Reporting
accenture
 
Architecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk ManagementArchitecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk Management
jadams6
 
Intro of Key Features of Soft CAAT Ent Software
Intro of Key Features of Soft CAAT Ent SoftwareIntro of Key Features of Soft CAAT Ent Software
Intro of Key Features of Soft CAAT Ent Software
rafeq
 
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
ExtraHop Networks
 
Financial Analytics pafp 11-21-13
Financial Analytics pafp 11-21-13Financial Analytics pafp 11-21-13
Financial Analytics pafp 11-21-13
gristak
 
The Role of AI and Automation
The Role of AI and Automation The Role of AI and Automation
The Role of AI and Automation
mcoello
 

Similar to Data Analytics 3 Analytics Techniques (20)

Data analytics software selection and implementation
Data analytics software selection and implementationData analytics software selection and implementation
Data analytics software selection and implementation
 
Building Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLBuilding Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACL
 
Best Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your AuditsBest Practices: Planning Data Analytic into Your Audits
Best Practices: Planning Data Analytic into Your Audits
 
Building continuous auditing capabilities
Building continuous auditing capabilitiesBuilding continuous auditing capabilities
Building continuous auditing capabilities
 
Internal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA ProgramInternal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA Program
 
Presentation in ACL Connections in Atlanta - April 2013
Presentation in ACL Connections in Atlanta - April 2013Presentation in ACL Connections in Atlanta - April 2013
Presentation in ACL Connections in Atlanta - April 2013
 
Get your data analytics strategy right!
Get your data analytics strategy right!Get your data analytics strategy right!
Get your data analytics strategy right!
 
Introduction to Business Intelligence
Introduction to Business IntelligenceIntroduction to Business Intelligence
Introduction to Business Intelligence
 
Business inteligence
Business inteligenceBusiness inteligence
Business inteligence
 
Too much data and not enough analytics!
Too much data and not enough analytics!Too much data and not enough analytics!
Too much data and not enough analytics!
 
Leverage Sage Business Intelligence for Your Organization
Leverage Sage Business Intelligence for Your OrganizationLeverage Sage Business Intelligence for Your Organization
Leverage Sage Business Intelligence for Your Organization
 
CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)
 
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No ShoesCarolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
 
Machine Data Analytics
Machine Data AnalyticsMachine Data Analytics
Machine Data Analytics
 
Data Quality Management: Cleaner Data, Better Reporting
Data Quality Management: Cleaner Data, Better ReportingData Quality Management: Cleaner Data, Better Reporting
Data Quality Management: Cleaner Data, Better Reporting
 
Architecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk ManagementArchitecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk Management
 
Intro of Key Features of Soft CAAT Ent Software
Intro of Key Features of Soft CAAT Ent SoftwareIntro of Key Features of Soft CAAT Ent Software
Intro of Key Features of Soft CAAT Ent Software
 
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
 
Financial Analytics pafp 11-21-13
Financial Analytics pafp 11-21-13Financial Analytics pafp 11-21-13
Financial Analytics pafp 11-21-13
 
The Role of AI and Automation
The Role of AI and Automation The Role of AI and Automation
The Role of AI and Automation
 

More from Jim Kaplan CIA CFE

Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analytics
Jim Kaplan CIA CFE
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10)
Jim Kaplan CIA CFE
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
Jim Kaplan CIA CFE
 
How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides
Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10)
Jim Kaplan CIA CFE
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel
Jim Kaplan CIA CFE
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliers
Jim Kaplan CIA CFE
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
Jim Kaplan CIA CFE
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
Jim Kaplan CIA CFE
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
Jim Kaplan CIA CFE
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analytics
Jim Kaplan CIA CFE
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10
Jim Kaplan CIA CFE
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal Auditor
Jim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
Jim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
Jim Kaplan CIA CFE
 
GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4
Jim Kaplan CIA CFE
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
Jim Kaplan CIA CFE
 

More from Jim Kaplan CIA CFE (20)

Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analytics
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10)
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
 
How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10)
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliers
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analytics
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal Auditor
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
 

Recently uploaded

一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
slg6lamcq
 
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
apvysm8
 
Build applications with generative AI on Google Cloud
Build applications with generative AI on Google CloudBuild applications with generative AI on Google Cloud
Build applications with generative AI on Google Cloud
Márton Kodok
 
原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理
原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理
原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理
wyddcwye1
 
Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024
ElizabethGarrettChri
 
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
y3i0qsdzb
 
Intelligence supported media monitoring in veterinary medicine
Intelligence supported media monitoring in veterinary medicineIntelligence supported media monitoring in veterinary medicine
Intelligence supported media monitoring in veterinary medicine
AndrzejJarynowski
 
writing report business partner b1+ .pdf
writing report business partner b1+ .pdfwriting report business partner b1+ .pdf
writing report business partner b1+ .pdf
VyNguyen709676
 
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCAModule 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
yuvarajkumar334
 
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
z6osjkqvd
 
The Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdfThe Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdf
Social Samosa
 
Challenges of Nation Building-1.pptx with more important
Challenges of Nation Building-1.pptx with more importantChallenges of Nation Building-1.pptx with more important
Challenges of Nation Building-1.pptx with more important
Sm321
 
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging DataPredictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Kiwi Creative
 
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
sameer shah
 
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data LakeViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
Walaa Eldin Moustafa
 
Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......
Sachin Paul
 
原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理
原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理
原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理
a9qfiubqu
 
End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024
Lars Albertsson
 
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Kaxil Naik
 
一比一原版(UCSB文凭证书)圣芭芭拉分校毕业证如何办理
一比一原版(UCSB文凭证书)圣芭芭拉分校毕业证如何办理一比一原版(UCSB文凭证书)圣芭芭拉分校毕业证如何办理
一比一原版(UCSB文凭证书)圣芭芭拉分校毕业证如何办理
nuttdpt
 

Recently uploaded (20)

一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
 
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
 
Build applications with generative AI on Google Cloud
Build applications with generative AI on Google CloudBuild applications with generative AI on Google Cloud
Build applications with generative AI on Google Cloud
 
原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理
原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理
原版一比一利兹贝克特大学毕业证(LeedsBeckett毕业证书)如何办理
 
Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024
 
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
 
Intelligence supported media monitoring in veterinary medicine
Intelligence supported media monitoring in veterinary medicineIntelligence supported media monitoring in veterinary medicine
Intelligence supported media monitoring in veterinary medicine
 
writing report business partner b1+ .pdf
writing report business partner b1+ .pdfwriting report business partner b1+ .pdf
writing report business partner b1+ .pdf
 
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCAModule 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
 
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
 
The Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdfThe Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdf
 
Challenges of Nation Building-1.pptx with more important
Challenges of Nation Building-1.pptx with more importantChallenges of Nation Building-1.pptx with more important
Challenges of Nation Building-1.pptx with more important
 
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging DataPredictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
 
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
 
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data LakeViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
 
Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......
 
原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理
原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理
原版一比一弗林德斯大学毕业证(Flinders毕业证书)如何办理
 
End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024
 
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
 
一比一原版(UCSB文凭证书)圣芭芭拉分校毕业证如何办理
一比一原版(UCSB文凭证书)圣芭芭拉分校毕业证如何办理一比一原版(UCSB文凭证书)圣芭芭拉分校毕业证如何办理
一比一原版(UCSB文凭证书)圣芭芭拉分校毕业证如何办理
 

Data Analytics 3 Analytics Techniques

  • 1. 3/27/2019 1 Data Analytics - 3 Analytics Techniques based on Data Analytics for Internal Auditors by Richard Cascarino About Jim Kaplan, CIA, CFE  President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices)  Auditor, Web Site Guru,  Internet for Auditors Pioneer  Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.  Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 2 1 2
  • 2. 3/27/2019 2 About AuditNet® LLC • AuditNet®, the global resource for auditors, is available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 3,000 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Training without Travel Webinars focusing on fraud, data analytics, IT audit, and internal audit • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors • NASBA Approved CPE Sponsor Introductions Page 3 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC 3 4
  • 3. 3/27/2019 3 About Richard Cascarino, MBA, CIA, CISM, CFE, CRMA • Principal of Richard Cascarino & Associates based in Colorado USA • Over 28 years experience in IT audit training and consultancy • Past President of the Institute of Internal Auditors in South Africa • Member of ISACA • Member of Association of Certified Fraud Examiners • Author of Data Analytics for Internal Auditors 5 Today’s Agenda  Analysis of Big Data  Big Data Structures  OLAP  Statistical Analysis and Big Data  Results Analysis and Validation  Substantive Analytical Procedures  Validation  Questionnaire Analysis and Likert Scales  Statistical Reliability Analysis  Fraud Detection using Data Analysis  Red Flags and Indicators  Nature of Computer Fraud  Seeking Fraud Evidence  Planning the Fraud Analysis  Common mistakes in Forensic Analysis  Root Cause Analysis Page 6 5 6
  • 4. 3/27/2019 4 Apache Hadoop  Hadoop Common - contains libraries and utilities needed by other Hadoop modules  Hadoop Distributed File System (HDFS) - a distributed file-system that stores data on commodity machines, providing very high aggregate bandwidth across the cluster.  Hadoop YARN - a resource-management platform responsible for managing compute resources in clusters and using them for scheduling of users' applications.  Hadoop MapReduce - a programming model for large scale data processing. Hadoop Core Components  Hadoop Distributed File System (HDFS)  Massive redundant storage across a commodity cluster  MapReduce  Map: distribute a computational problem across a cluster  Reduce: Master node collects the answers to all the sub-problems and combines them  Many distros available 7 8
  • 5. 3/27/2019 5 Hadoop & Databases Deficiencies of Traditional Approach  Retrospective view analysis frequently occurs long after transaction has taken place, too late for action  Lack of timely visibility into control risks and deficiencies  Alternatively Independently test all transactions for compliance with controls at, or soon after, point at which they occur Not feasible with Big Data 9 10
  • 6. 3/27/2019 6 Control Objectives Haven’t Changed  Accuracy  Authorization  Completeness  Validity  Efficiency and Effectiveness  Segregation of Duties  Regulatory Compliance Continuous Auditing can be used for  Continuous control assessment Identification of control deficiencies Identification of fraud, waste, abuse  Continuous risk assessment Examination of consistency of processes Development of enterprise audit plan Support to individual audits Follow-up on audit recommendations 11 12
  • 7. 3/27/2019 7 Required to Audit /Examine  Identify the control objectives for each business process area  Establish tests that, using transactional data analysis, will validate the achievement of each control objective  Establish tests that will identify suspect transactions, using transactional profiling techniques  Subject all transactions to a test bed of interrogations on a regular, timely basis  Identify all transactions that fail the metrics  Notify the appropriate personnel  Investigate any discrepancies and, as appropriate, Correct the transactions Correct the control problem Required of Continuous Auditing  Able to access and normalize disparate data from across the enterprise  Offer comprehensive range of tests to effectively address control objectives  Provide flexibility of tests as control opportunities change  Provide timely testing of data and reporting of results  Handle large transactional volumes with no negative impact on operational system performance  Provide variable parameters for tests  Provide for alert notifications  Maintain security and integrity of tests and results 13 14
  • 8. 3/27/2019 8 Challenges for the Auditor / Examiner  Obtaining appropriate data access  Defining appropriate measurement metrics  Setting appropriate thresholds for exceptions reporting  Developing appropriate metrics to prioritize exceptions  Minimizing impact on systems’ operational performance Where to Start  Establish audit objectives and requirements  Gain executive-level support  Ascertain degree to which management is performing monitoring role  Select appropriate technology solutions  Identify information sources and gain access  Understand business processes and identify key controls and risks  Build audit skill set  Manage and report results 15 16
  • 9. 3/27/2019 9 Implement Repetitive Scripts Timing  Extensive front-end work required  Monitoring of system changes  Alarm based intervention Defining the appropriate metrics  Automated interim work  Continuous confirmation  Detailed testing only when exceptions noted 17 18
  • 10. 3/27/2019 10 OLAP Conceptual Data Model  Goal of OLAP is to support ad-hoc querying for the business analyst  Business analysts are familiar with spreadsheets  Extend spreadsheet analysis model to work with warehouse data  Multidimensional view of data is the foundation of OLAP OLAP Data Warehouse vs. Data Marts 20 CS 336  Enterprise warehouse: collects all information about subjects (customers,products,sales,assets, personnel) that span the entire organization Requires extensive business modeling (may take years to design and build)  Data Marts: Departmental subsets that focus on selected subjects Marketing data mart: customer, product, sales Faster roll out, but complex integration in the long run  Virtual warehouse: views over operational dbs Materialize sel. summary views for efficient query processing Easy to build but require excess capability on operat. db servers 19 20
  • 11. 3/27/2019 11  On-Line Transaction Processing (OLTP):  technology used to perform updates on operational or transactional systems (e.g., point of sale systems)  On-Line Analytical Processing (OLAP):  technology used to perform complex analysis of the data in a data warehouse  OLAP is a category of software technology that enables analysts, managers, and executives to gain insight into data through fast, consistent, interactive access to a wide variety of possible views of information that has been transformed from raw data to reflect the dimensionality of the enterprise as understood by the user. [source: OLAP Council: www.olapcouncil.org] OLTP vs. OLAP OLTP vs. OLAP  Clerk, IT Professional  Day to day operations  Application-oriented (E-R based)  Current, Isolated  Detailed, Flat relational  Structured, Repetitive  Short, Simple transaction  Read/write  Index/hash on prim. Key  Tens  Thousands  100 MB-GB  Trans. throughput  Knowledge worker  Decision support  Subject-oriented (Star, snowflake)  Historical, Consolidated  Summarized, Multidimensional  Ad hoc  Complex query  Read Mostly  Lots of Scans  Millions  Hundreds  100GB-TB  Query throughput, response User Function DB Design Data View Usage Unit of work Access Operations # Records accessed #Users Db size Metric OLTP OLAP Source: Datta, GT 21 22
  • 12. 3/27/2019 12 Approaches to OLAP Servers  Multidimensional OLAP (MOLAP) Array-based storage structures Direct access to array data structures Example: Essbase (Arbor)  Relational OLAP (ROLAP) Relational and Specialized Relational DBMS to store and manage warehouse data OLAP middleware to support missing pieces Optimize for each DBMS backend Aggregation Navigation Logic Additional tools and services Example: Microstrategy, MetaCube (Informix) The Complete Decision Support System 24 Information Sources Data Warehouse Server (Tier 1) OLAP Servers (Tier 2) Clients (Tier 3) Operational DB’s Semistructured Sources extract transform load refresh etc. Data Marts Data Warehouse e.g., MOLAP e.g., ROLAP serve Analysis Query/Reporting Data Mining serve serve 23 24
  • 13. 3/27/2019 13 Tools: Warehouse Servers  The RDBMS dominates: Oracle 8i/9i IBM DB2 Microsoft SQL Server Informix (IBM) Red Brick Warehouse (Informix/IBM) NCR Teradata Sybase… Tools: OLAP Servers  Support multidimensional OLAP queries  Often characterized by how the underlying data stored  Relational OLAP (ROLAP) Servers Data stored in relational tables Examples: Microstrategy Intelligence Server, MetaCube (Informix/IBM)  Multidimensional OLAP (MOLAP) Servers Data stored in array-based structures Examples: Hyperion Essbase, Fusion (Information Builders)  Hybrid OLAP (HOLAP) Examples: PowerPlay (Cognos), Brio, Microsoft Analysis Services, Oracle Advanced Analytic Services 25 26
  • 14. 3/27/2019 14 Statistical Analysis  Big Data and Analytics is generally thought to be about: Business Intelligence and Analytics Computational Science  But also includes: Demographic Analysis Geointelligence: Spatial Analysis The Grand Challenges in Science Medicine: Processing 3-D hyperspectral high resolution images for diagnostics, genomic research, Proteonomics, etc. Media Analysis: Processing text, audio, video, imagery And much, much more ….. Advanced Analytics  Go beyond data mining and statistical processing methods encompass logic-based methods, qualitative analytics, and non- statistical quantitative methods.  Diverse set of techniques that require new software architectures and application frameworks to solve complex problems.  New metrics focus on the contributions of the value of the analysis as a holistic result are required to assess and evaluate the outcomes of advanced analytics. 28 27 28
  • 15. 3/27/2019 15 Types of Analytics  Descriptive: A set of techniques for reviewing and examining the data set(s) to understand the data and analyze business performance.  Diagnostic: A set of techniques for determine what has happened and why  Predictive: A set of techniques that analyze current and historical data to determine what is most likely to (not) happen  Prescriptive: A set of techniques for computationally developing and analyzing alternatives that can become courses of action – either tactical or strategic – that may discover the unexpected  Decisive: A set of techniques for visualizing information and recommending courses of action to facilitate human decision-making when presented with a set of alternatives. 30 Analytics and Assertions Assertions  Existence or Occurrence  Completeness  Rights & Obligations  Valuation or Allocation  Presentation & Disclosure 29 30
  • 16. 3/27/2019 16 31 Substantive Tests  Tests of details Transactions Balances  Analytical tests 32 Analytical Procedures  Evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data SAS No. 56 31 32
  • 17. 3/27/2019 17 33 Tests of Details VS. Analytical Tests  Comparisons Tests of details tests all 5 assertions but analytical procedures do not support existence or rights & obligations Analytical procedures are high level tests Tests of details lead to conclusions about aggregated data but analytical procedures test aggregated data GBW 8th ed., Ch. 6 Types of Analytical Procedures  Trend analysis  Ratio analysis Activity ratios Profitability ratios Liquidity ratios Solvency ratios  Modeling Statistical tests, i.e., regression 33 34
  • 18. 3/27/2019 18 Data Validation  Process by which the auditor verifies the accuracy and completeness of information obtained or derived prior to analysis  Inconsistencies identified at this stage need to be examined and, where appropriate, corrected prior to the actual analysis taking place 35 Validation may be done by  Data Type Validation  Format checking  Length checking  Existence checks  Range checks  Cross-reference verification  Referential integrity validation  Check digit validation  Data Cardinality  Hash checking  Data field uniqueness validation 36 35 36
  • 19. 3/27/2019 19 Questionnaire Analysis and Likert Scales 37 Likert  commonly associated with interval data The difference between +2 and +1 is the same as the difference between +1 and 0)  Although the response levels have relative position they are not interval scales and cannot be treated as such from a statistical standpoint Average of Strongly Agree and Agree cannot be said to be Agree and ½ 38 37 38
  • 20. 3/27/2019 20 Statistical Reliability  Whether it produces identical results in repeated applications Stability  Ensuring consistent results with repeated measurement on the same scale Equivalence  Determining how much error was introduced by different investigators or different samples Internal Consistency  Considers the consistency or homogeneity among the items of an instrument  External Validity measures the ability to be generalised 39 Internal Validity  Content or Face Validity determines whether the measuring instrument provides adequate coverage of the topic  Criterion-related Validity determines the success of the measures used for empirical estimating purposes  Construct Validity both Convergent and Discriminant involve comparison to previously assessed results  Measured by: Cronbach’s alpha (or coefficient alpha) 40 39 40
  • 21. 3/27/2019 21 “Fraud and deceit abound in these days more than in former times”. SIR EDWARD COKE Twyne's Case (1602) Occupational Fraud and Abuse Asset Misappropriations Corruption Fraudulent Statements Conflicts of Interest Bribery Illegal Gratuities Economic Extortion Inventory & All Other Assets Cash Nonfinancial Financial 41 42
  • 22. 3/27/2019 22 Jargon Skimming: Taking funds before they are recorded into company records Cash Larceny: Taking funds (e.g., check) that company recorded as going to another party Lapping: Theft is covered with another person’s check (and so on) Check Tampering: Forged or altered check for gain Shell Company: Payments made to fake company Payroll Manipulation: Ghost employees, falsified hours, understated leave/vacation time Fraudulent Write-off: Useful assets written off as junk Collusion: Two or more employees or employee & vendor defraud together False Shipping Orders or Missing/Defective Receiving Record: Inventory theft 43 Nature of Computer Fraud Trojan Horse / Logic Bombs / Trap Doors Use of Unauthorized Coding Salami Techniques A small amount from everyone Viruses Mainframe as well as Micro Sabotage and Industrial Espionage Degrading Systems Performance Leaking Confidential Information Management Fraud Cooked Books 44 43 44
  • 23. 3/27/2019 23 Fraud Example 45 Dummy 1 Dummy 5Dummy 2 Dummy 3 Dummy 4 Customer Account Aus UK Switz HK USA Timescale  Over 15 years  Discovered by accident  +/- $ 300m  Multiple Country  Multiple Banks  Using a variety of IT 46 45 46
  • 26. 3/27/2019 26 Detection  Commonly detected by Operating performance anomalies.  Organisational Structure.  Management characteristics.  Accounting anomalies.  Internal control weaknesses.  Analytical anomalies.  Unusual behaviour. 51 Methodology  Pre-incident Preparation  Detection of incidents  Initial response  Response strategy formulation  Forensic Backups  Investigation  Security restoration implementation  Network monitoring  Recovery  Reporting  Follow-up 52 51 52
  • 27. 3/27/2019 27 IT Forensic Jargon Evidence media  The original media to be investigated Target media  the media duplicated onto Restored image  copy of the forensic image restored to its original bootable form Native operating system  the OS used on the restored image Live analysis  analysis conducted on the actual evidence media Offline analysis  analysis conducted using the target media or restored image 53 Forensic Analysis  Physical Analysis String search DOS-based StringSearch - http://www.maresware.com Search and extract eg $4A $46 $49 $46 $00 $01 is start of a JPEG file http://www.wotsit.org File slack and free space extraction http://www.nti.com  Logical Analysis Logical File space Slack space Unallocated space 54 53 54
  • 28. 3/27/2019 28 Computer Evidence... ...is like any other evidence, it must be:  admissible  authentic  accurate  complete  convincing to juries Computer Evidence... authentic  can we explicitly link files, data to specific individuals and events? access control logging, audit logs collateral evidence crypto-based authentication 55 56
  • 29. 3/27/2019 29 Computer Evidence... accurate  reliability of computer process not data content  can we explain how an exhibit came into being? what does the computer system do? what are its inputs? what are the internal processes? what are the controls? 58 Authentication  Must offer evidence “sufficient to support a finding that the [computer record or other evidence] in question is what its proponent claims.”  Degree of authentication does not vary simply because a record happens to be (or has been at one point) in electronic form  Challenges to authenticity  Were the records altered, manipulated or damaged after they were created?  Courts are skeptical of unsupported claims or alteration  Reliability of the computer program that generated the records  Program routinely relied upon in the normal course of business  Identity of the author of the records  Corroborate with circumstantial evidence 57 58
  • 30. 3/27/2019 30 59 Hearsay Problems  Computer records may or may not be “hearsay evidence” Contents of records with assertions attributed to a third party and presented as evidence may be considered hearsay Documents written by a person and produced by the computer Computer generated records where humans were not involved in any way (i.e., internally generated by the computer) are not hearsay Logs The Business Records Rule  “Records of regularly conducted activity. A memorandum, report, record, or data compilation, in any form, of acts, events, conditions, opinions, or diagnoses, made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a regularly conducted business activity, and if it was the regular practice of that business activity to make the memorandum, report, record, or data compilation, all as shown by the testimony of the custodian or other qualified witness, or by certification that complies with Rule 902(11),Rule 902(12), or a statute permitting certification, unless the source of information or the method or circumstances of preparation indicate lack of trustworthiness.”  -- Fed. R. Evid. 803(6) 60 59 60
  • 31. 3/27/2019 31 Common Mistakes  Ensure that proper documentation is maintained of all processes carried out in the execution of the analysis  Failing to control the digital  Altering date and time stamps on evidence systems before recording them  Using un-trusted commands and tools  Accidentally overwriting evidence when installing audit interrogation tools  Termination of rogue processes prematurely 61 “It’s just a non-transaction. It’s an error. It’s a back office glitch. Don’t worry about it!” JAMES BAX (BARINGS BANK) 61 62
  • 32. 3/27/2019 32 Root Cause Analysis  The fishbone diagram (Ishikawa Diagram) 63 Root Cause Analysis  Process mapping each step of a process is mapped out so that problem areas/bottlenecks in the process can be identified and improved.  The five why’s asking the question why something has happened five times – each times drilling down further to get to the root cause of the problem.  Tree diagrams in which the auditor will state the problem with causes listed as branches to the right of the problem. Causes continue to be clarified drawing additional branches to the right until each branch reaches its logical end. 64 63 64
  • 33. 3/27/2019 33 Root Cause Analysis  Event and causal factor analysis An extended version of the Ishikawa diagram used for multifaceted problems or for the analysis of long and complex causal factor chains  Pareto analysis named after the Italian economist Vilfredo Pareto (1907) described the unequal wealth of the country in terms that 20% of the population owned 80% of the resources  Change analysis used when a problem is obscure, typically a single occurrence, and focuses on those items in the environment which have changed since the non-problematic state 65 Questions? Any Questions? Don’t be Shy! 65 66
  • 34. 3/27/2019 34 AuditNet® and cRisk Academy If you would like forever access to this webinar recording If you are watching the recording, and would like to obtain CPE credit for this webinar Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacade my.com Use coupon code: 50OFF for a discount on this webinar for one week Thank You! Jim Kaplan AuditNet® LLC 1-800-385-1625 Email:info@auditnet.org www.auditnet.org Follow Me on Twitter for Special Offers - @auditnet Join my LinkedIn Group – https://www.linkedin.com/groups/44252/ Like my Facebook business page https://www.facebook.com/pg/AuditNetLLC Richard Cascarino & Associates Cell: +1 970 819 7963 Tel +1 303 747 6087 (Skype Worldwide) Tel: +1 970 367 5429 eMail: rcasc@rcascarino.com Web: http://www.rcascarino.com Skype: Richard.Cascarino Page 68 67 68