1) The document discusses continuous monitoring and auditing techniques using data analytics. It provides definitions and examples of continuous monitoring, auditing, and assurance.
2) Continuous monitoring involves ongoing management oversight of controls while continuous auditing involves independent testing by internal auditors. The relationship between the two is also discussed.
3) Implementing continuous monitoring and auditing can provide benefits like early detection of issues and fraud reduction but also faces challenges like obtaining the right data and tools.
Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.
Webinar 3 Analytics Techniques
Conducting the Audit
Obtaining Information from IT Systems for Analysis
Use of Computer Assisted Audit Techniques
Analysis of Big Data
Results Analysis and Validation
Fraud Detection using Data Analysis
Root Cause Analysis
Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.
Webinar 5 Data Analytics Software 4/16/19
Excel and Data Analysis
ACL and Data Analysis
IDEA and Data Analysis
SAS and Data Analysis
Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.
Webinar 2 in a 6 Webinar Series - Analytics in the Audit
Conducting the Audit
Obtaining Information from IT Systems for Analysis
Use of Computer Assisted Audit Techniques
Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.
Webinar 6 Using the Analysis 4/23/19
Analysis Reporting
Data Visualization and Presentation
Best Practices: Planning Data Analytic into Your AuditsFraudBusters
These slide accompany a video training presentation from AuditNet®. The video is available to view at http://bit.ly/1eBRLiZ (registration with AuditNet.tv required)
Learning Objectives:
Gain an appreciation, based on the attendee participants, of their successes and pitfalls when planning data analytics.
Understand some common approaches to overcoming obstacles to planning data analytics based on case studies from companies and survey attendees themselves.
Learn how planning analytics can be integrated into top audit areas.
Outline an effective data request process to ensure complete and accurate extractions of data every time.
See how analytics can maximize the annual audit plan and better ensure focus is placed on organizational risk.
Duplicate payments, duplicate vendors, and segregation of duties in accounts payable are still the top tests being run by auditors using analytics. They are simple, effective, and save money which always helps the business case for analytics. Further, vendor and related payments fraud is the #1 fraud (in volume) affecting all organizations – big and small, public and private, regardless of the industry and sector. Excel templates will be provided with admission to assist to complete all testing and visualizations using graphs. Further data request letters and analytic audit programs will be provided to “jump start” your audit efforts in the accounts payable and vendor management areas.
Specific learning objectives include:
o Run over 20….key, proactive error and fraud tests in the areas of the accounts payable, vendor masterfiles, and purchase order files, all in Excel.
o Map the report results to an audit program to produce an analytically-enabled audit program.
o Discover the top frauds and corruption schemes along with top cost efficiencies to enact within accounts payable reviews.
o Distinguish between the top major accounting systems used when extracting accounts payable and vendor masterfile data and obtain a standard data request to aid the extractions
o Complete a multiple perspective visualization review of your accounts payable data including time based, amount based, company/profit center based, enterer, etc.
These are the slides. If you would like the associated data files they are available for download after payment. Videos of these sessions are available for free.
Details contact Rich Lanza (rich@richlanza.com)
Leveraging Technology Using Keyword Analytics in Fraud and Compliance MonitoringJim Kaplan CIA CFE
Keyword analytics is the process of using data analytics to find keywords in both structured and unstructured data for detecting fraud and compliance review anomalies. It can be used by auditors, accountants and lawyers. This presentation from the 2015 TeamMate User Conference presented the results of the AuditNet Keyword Survey with tools and a comprehensive list of more than 4,000 keywords, social media terms, terrorist keywords and more.
Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.
Webinar 3 Analytics Techniques
Conducting the Audit
Obtaining Information from IT Systems for Analysis
Use of Computer Assisted Audit Techniques
Analysis of Big Data
Results Analysis and Validation
Fraud Detection using Data Analysis
Root Cause Analysis
Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.
Webinar 5 Data Analytics Software 4/16/19
Excel and Data Analysis
ACL and Data Analysis
IDEA and Data Analysis
SAS and Data Analysis
Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.
Webinar 2 in a 6 Webinar Series - Analytics in the Audit
Conducting the Audit
Obtaining Information from IT Systems for Analysis
Use of Computer Assisted Audit Techniques
Since the spread of IT systems has made it a pre-requisite that auditors as well as management have the ability to examine high volumes of data and transaction in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This 6 webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.
Webinar 6 Using the Analysis 4/23/19
Analysis Reporting
Data Visualization and Presentation
Best Practices: Planning Data Analytic into Your AuditsFraudBusters
These slide accompany a video training presentation from AuditNet®. The video is available to view at http://bit.ly/1eBRLiZ (registration with AuditNet.tv required)
Learning Objectives:
Gain an appreciation, based on the attendee participants, of their successes and pitfalls when planning data analytics.
Understand some common approaches to overcoming obstacles to planning data analytics based on case studies from companies and survey attendees themselves.
Learn how planning analytics can be integrated into top audit areas.
Outline an effective data request process to ensure complete and accurate extractions of data every time.
See how analytics can maximize the annual audit plan and better ensure focus is placed on organizational risk.
Duplicate payments, duplicate vendors, and segregation of duties in accounts payable are still the top tests being run by auditors using analytics. They are simple, effective, and save money which always helps the business case for analytics. Further, vendor and related payments fraud is the #1 fraud (in volume) affecting all organizations – big and small, public and private, regardless of the industry and sector. Excel templates will be provided with admission to assist to complete all testing and visualizations using graphs. Further data request letters and analytic audit programs will be provided to “jump start” your audit efforts in the accounts payable and vendor management areas.
Specific learning objectives include:
o Run over 20….key, proactive error and fraud tests in the areas of the accounts payable, vendor masterfiles, and purchase order files, all in Excel.
o Map the report results to an audit program to produce an analytically-enabled audit program.
o Discover the top frauds and corruption schemes along with top cost efficiencies to enact within accounts payable reviews.
o Distinguish between the top major accounting systems used when extracting accounts payable and vendor masterfile data and obtain a standard data request to aid the extractions
o Complete a multiple perspective visualization review of your accounts payable data including time based, amount based, company/profit center based, enterer, etc.
These are the slides. If you would like the associated data files they are available for download after payment. Videos of these sessions are available for free.
Details contact Rich Lanza (rich@richlanza.com)
Leveraging Technology Using Keyword Analytics in Fraud and Compliance MonitoringJim Kaplan CIA CFE
Keyword analytics is the process of using data analytics to find keywords in both structured and unstructured data for detecting fraud and compliance review anomalies. It can be used by auditors, accountants and lawyers. This presentation from the 2015 TeamMate User Conference presented the results of the AuditNet Keyword Survey with tools and a comprehensive list of more than 4,000 keywords, social media terms, terrorist keywords and more.
New Horizons for Official Institutions: Research FindingsState Street
These findings are based on fieldwork conducted during January 2014 by FT Remark. In association with State Street, FT Remark surveyed 62 senior executives at official institutions – defined as central banks, sovereign wealth funds and public pension reserve funds – to explore the opportunities and challenges they face today and in the future.
In the face of the increasing speed of technological change, how do we implement robust, flexible and scalable AML/CFT Monitoring Solutions that comply with local legislative requirements and international best practice. The talk explores the key determinants for technology project success and the benefits of Agile approaches to software development and implementation. The talk also recommends a framework for the Analysis and Design phase of AML/CFT Technology Implementations.
There are many misconceptions about the use of data analytics to detect fraud.
While in itself it does not detect fraud, data analytics is an integral part of the fraud detection process. This webinar will examine the truth behind the role of data analytics in the process including developing criteria to pare down data records, sorting through 100% of the records and tracking down anomalies hidden in your data.
Learning Objectives:
• Become familiar with data analysis processes
• Recognize misconceptions of how data analytic tools can be used for fraud detection
• Understand the real benefits of using data analytics and what it can do for you
• Obtain the steps required to apply the data analytic process to detect fraud
About the Presenter:
Sunder Gee, CPA, CMA, CIDA provides electronic data consultative services for tax lawyers, tax accountants and RTA Corporation. Sunder has also developed training material on various topics for the CRA and other organizations as well as published a book called "Fraud and Fraud Detection: A Data Analytics Approach”.
The Innovator’s Journey: Asset Owners Insights State Street
On behalf of State Street, Longitude conducted a global survey of senior executives at investment
organizations during October and November 2014. We asked them to self-assess their confidence and
progress across six data capabilities, including infrastructure, insight, adaptability, compliance, talent and
governance. The 400 respondents were drawn from 11 countries and included insurance companies,
private and public pension funds, fund-of-funds, foundations, central banks, endowments, sovereign
wealth funds and supranationals. One hundred asset owners participated in the survey.
This presentation describes how to be a proactive information security practitioner. Emphasis is on managing by measurement, and IT and Business Alignment.
Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger and revenue audit areas as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
The IT Auditing Series is a series of 10 2-hour webinars.
The study program consists of 5 modules Basic and 5 modules Advanced spanning a broad range of topics and issues in the IT Auditing field. The emphasis in all webinars is therefore on practical aspects, of Internal Auditing.
The course content is based upon ISACA Framework which has been accepted world-wide as the basis of skills and competencies required for all IT Auditors.
This webinar covered Fundamentals of IT Audit
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
ISACA IS Audit and Assurance Standards, Guidelines, and Tools & Techniques, Code of Professional Ethics & other applicable standard.
https://www.infosectrain.com/blog/cisa-domain-1-part-3-the-process-on-auditing-information-systems/
Selecting the right data analysis tool for your audit function requires a risk based selection process. In this session you will learn how to select the best tool and more importantly integrate the process into your staff. The right approach minimizes the risk of selecting a product that might not fit your organization, which could impair your function as it sits underutilized or on the shelf. Finding the right issues quickly and timely improves the value of auditing and assists auditing to win more work.
Attending this webinar you will learn a step-by-step approach:
. How to select the software
. Build a short/long term on-boarding roadmap
. Realize the lost opportunity of not including all auditors (no auditor left behind)
New Horizons for Official Institutions: Research FindingsState Street
These findings are based on fieldwork conducted during January 2014 by FT Remark. In association with State Street, FT Remark surveyed 62 senior executives at official institutions – defined as central banks, sovereign wealth funds and public pension reserve funds – to explore the opportunities and challenges they face today and in the future.
In the face of the increasing speed of technological change, how do we implement robust, flexible and scalable AML/CFT Monitoring Solutions that comply with local legislative requirements and international best practice. The talk explores the key determinants for technology project success and the benefits of Agile approaches to software development and implementation. The talk also recommends a framework for the Analysis and Design phase of AML/CFT Technology Implementations.
There are many misconceptions about the use of data analytics to detect fraud.
While in itself it does not detect fraud, data analytics is an integral part of the fraud detection process. This webinar will examine the truth behind the role of data analytics in the process including developing criteria to pare down data records, sorting through 100% of the records and tracking down anomalies hidden in your data.
Learning Objectives:
• Become familiar with data analysis processes
• Recognize misconceptions of how data analytic tools can be used for fraud detection
• Understand the real benefits of using data analytics and what it can do for you
• Obtain the steps required to apply the data analytic process to detect fraud
About the Presenter:
Sunder Gee, CPA, CMA, CIDA provides electronic data consultative services for tax lawyers, tax accountants and RTA Corporation. Sunder has also developed training material on various topics for the CRA and other organizations as well as published a book called "Fraud and Fraud Detection: A Data Analytics Approach”.
The Innovator’s Journey: Asset Owners Insights State Street
On behalf of State Street, Longitude conducted a global survey of senior executives at investment
organizations during October and November 2014. We asked them to self-assess their confidence and
progress across six data capabilities, including infrastructure, insight, adaptability, compliance, talent and
governance. The 400 respondents were drawn from 11 countries and included insurance companies,
private and public pension funds, fund-of-funds, foundations, central banks, endowments, sovereign
wealth funds and supranationals. One hundred asset owners participated in the survey.
This presentation describes how to be a proactive information security practitioner. Emphasis is on managing by measurement, and IT and Business Alignment.
Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger and revenue audit areas as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
The IT Auditing Series is a series of 10 2-hour webinars.
The study program consists of 5 modules Basic and 5 modules Advanced spanning a broad range of topics and issues in the IT Auditing field. The emphasis in all webinars is therefore on practical aspects, of Internal Auditing.
The course content is based upon ISACA Framework which has been accepted world-wide as the basis of skills and competencies required for all IT Auditors.
This webinar covered Fundamentals of IT Audit
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
ISACA IS Audit and Assurance Standards, Guidelines, and Tools & Techniques, Code of Professional Ethics & other applicable standard.
https://www.infosectrain.com/blog/cisa-domain-1-part-3-the-process-on-auditing-information-systems/
Selecting the right data analysis tool for your audit function requires a risk based selection process. In this session you will learn how to select the best tool and more importantly integrate the process into your staff. The right approach minimizes the risk of selecting a product that might not fit your organization, which could impair your function as it sits underutilized or on the shelf. Finding the right issues quickly and timely improves the value of auditing and assists auditing to win more work.
Attending this webinar you will learn a step-by-step approach:
. How to select the software
. Build a short/long term on-boarding roadmap
. Realize the lost opportunity of not including all auditors (no auditor left behind)
Controls that are designed to mitigate the risk of fraud are not perfect. Enterprise software such as Oracle and SAP may have built-in controls, but they are limited in scope to the data and processes that the software "touches". The most successful fraudsters know how to exploit interfaces between different processes and systems. Furthermore, the typical fraud case persists for 14 months prior to detection*.
Deploying data analytics for continuous testing can overcome many of the limitations of traditional fraud detection. Timely and appropriate detection will help organizations mitigate the impact of frauds. Robust fraud detection systems will also act as powerful deterrents.
*ACFE Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse
Learning Objectives
In this session we will raise awareness of the various types of frauds and how they can be detected using automated data analysis techniques.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 10
• Handling data subject access requests (DSARs).
• The roles of controllers and processors, and the relationships between them.
• Transferring personal data outside the EU and the mechanisms for compliance.
• How to become GDPR compliant using a compliance gap assessment
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
Join this webinar for an introduction to the Touchstone Research for Internal Audit, an unprecedented, global research of internal audit, from Wolters Kluwer TeamMate. This session will review study approach and scope, key initial findings, a look at benchmarking, and a preview of future insights. Find out what nearly 1,000 internal audit and controls professionals have to say across about the current and future state of internal audit.
Learning Objectives:
Learn the objective of the Touchstone Research for Internal Audit
Understand how the Touchstone Maturity Model can benefit Internal Audit teams
Learn why the Touchstone Research Benchmarks for Internal Audit can be a planning tool
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 9
• Why and how to conduct a data mapping exercise.
• The rights of data subjects.
• Giving and withdrawing consent.
A recent survey report, Fraud in the Wake of COVID-19: Benchmark Report, prepared by the ACFE, explains that recent events have opened the door to increased pressure, reasonings and opportunities that can lead to occupational fraud. Across all classes of fraud schemes 68% of survey respondents reported increases in fraudulent activity as of May 2020 and 93%o reported they expect an increase in fraud over the next 12 months.
To guide auditors in running detective controls, join Mark Nigrini, West Virginia University Professor and author, and Jeffrey Sorensen, Industry Strategist, for an exclusive review of the fingerprints of fraud numbers. This two-person team will review seven categories of fraud numbers and will demonstrate how to identify these types of numbers using audit software.
In this informative and engaging presentation, attendees will:
● Learn the seven categories of fraud numbers
● Understand which categories are linked to specific types of schemes
● Optimize the steps needed to run the tests
● Interpret the results to identify audit targets
● Apply a second layer of steps to reduce the number of false positives
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 8
• The security of personal data.
• An organizational risk management framework.
• Legal requirements for a DPIA.
• How to conduct a DPIA with a DPIA tool.
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
It has been said that the definition of crazy is doing the same thing over and over again and expecting a different result. If your audit analytics program is still not meeting your expectations, you are going to have to do something different to change that outcome. The biggest hurdle organizations need to overcome is getting auditors to think differently about what analytics is. Excel might not be the ultimate analytics tool for your organization but attend this webinar to see how you can use it as a catalyst for change throughout the audit team.
Learning Objectives
Learn non-technical skills auditors need to perform audit analytics
Learn commonly used Excel functions that can be applied to audit analytics
Learn how to get auditors started down a path of thinking about analytics vs automatically pulling samples
Learning about outliers and how to detect them in transactions of all types.
Learning Objectives: This webinar will explain the significance of outliers when testing transactions, whether they are vendor invoices, GL postings, or travel & entertainment expenses. Examples using Arbutus Analyzer will demonstrate the best analytics for identifying outliers.
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 7
• Lessons to be learned from common data security failures.
• The six data protection principles – how to apply them and demonstrate compliance.
When is a Duplicate not a Duplicate? Detecting Errors and FraudJim Kaplan CIA CFE
Webinar Overview - A look at duplicates testing and the inherent value of fuzzy data matching.
Identifying fuzzy duplicates has never been easier. Arbutus Analyzer’s versatile functionality enables even new users to detect possible duplicate payments, vendors sharing similar addresses among themselves or with your organization’s employees, and counter parties who may be on government watch lists. Our webinar includes nine different scenarios with detailed descriptions of the tests and their results.
You'll learn about:
• Identifying possible risks
• How to deploy Analyzer commands and functions
Key Presenter:
Michael Kano, ACDA, Data Analytics Consultant, Arbutus Analytics
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 6
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
As many audit departments are moving toward agile auditing, they struggle finding an effective technique for planning that goes beyond the traditional risk assessment. We recommend using exploratory data analytics to focus the agile plan and address those risks with the greatest exposure.
After this session, participants will be able to:
- Use data analytics for exploratory testing to validate a draft plan that incorporates emerging risks
- Dispel the Top 5 Analytics Myths
- Develop an agile risk based plan that aligns with senior management objectives
- Deliver a continuous monitoring plan with tools to your control owners
General Data Protection Regulation for Auditors 5 of 10Jim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 5
• Certification against GDPR
• The powers of supervisory authorities
• Lead supervisory authorities
• The role of the European Data Protection Board (EDPB)
From time-to-time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of auditing, come across circumstances which themselves appear to be violations of a corporate
code-of-conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Webinar contents will include:
Classes of Ethics
The role of business
Employee ethics
Honesty, Objectivity and diligence
Conflicts of Interest
Reporting of Material Facts
Corporate Codes of Conduct
Corporate Social Responsibility
How analytics should be used in controls testing instead of sampling Jim Kaplan CIA CFE
Sampling has existed as a standard for controls testing since controls testing began. We’ve developed algorithms to tell us how many samples we should pull and how many errors we can have and still pass the control. We’ve even developed algorithms to tell us how many more samples we can test if the control didn’t pass the first time.
If your goal is simply to do the minimum to pass a SOX audit, then these behaviors should probably continue. If your goals also include really improving the operations of the organization to make it stronger then a more holistic approach is needed, such as analysis on 100% of the population, rather than a small sample.
Most controls analytics do not require a degree in data science, but they do require the controls team begin changing its behaviors. Join us to understand what it takes to begin this change, it’s not as challenging as you might think.
Learning Objectives
Understanding the advantages of analytics vs sampling
How to Identify controls where analytics can be applied
Real life examples of controls and their associated analytics
How to effect a change
How analytics should be used in controls testing instead of samplingJim Kaplan CIA CFE
Sampling has existed as a standard for controls testing since controls testing began. We’ve developed algorithms to tell us how many samples we should pull and how many errors we can have and still pass the control. We’ve even developed algorithms to tell us how many more samples we can test if the control didn’t pass the first time.
If your goal is simply to do the minimum to pass a SOX audit, then these behaviors should probably continue. If your goals also include really improving the operations of the organization to make it stronger then a more holistic approach is needed, such as analysis on 100% of the population, rather than a small sample.
Most controls analytics do not require a degree in data science, but they do require the controls team begin changing its behaviors. Join us to understand what it takes to begin this change, it’s not as challenging as you might think.
Learning Objectives
Understanding the advantages of analytics vs sampling
How to Identify controls where analytics can be applied
Real life examples of controls and their associated analytics
How to effect a change
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 4
• How to perform a data protection impact assessment (DPIA)
• The role of the data protection officer (DPO)
• Transferring personal data outside the EU
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
Opendatabay - Open Data Marketplace.pptxOpendatabay
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be a complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with a dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...pchutichetpong
M Capital Group (“MCG”) expects to see demand and the changing evolution of supply, facilitated through institutional investment rotation out of offices and into work from home (“WFH”), while the ever-expanding need for data storage as global internet usage expands, with experts predicting 5.3 billion users by 2023. These market factors will be underpinned by technological changes, such as progressing cloud services and edge sites, allowing the industry to see strong expected annual growth of 13% over the next 4 years.
Whilst competitive headwinds remain, represented through the recent second bankruptcy filing of Sungard, which blames “COVID-19 and other macroeconomic trends including delayed customer spending decisions, insourcing and reductions in IT spending, energy inflation and reduction in demand for certain services”, the industry has seen key adjustments, where MCG believes that engineering cost management and technological innovation will be paramount to success.
MCG reports that the more favorable market conditions expected over the next few years, helped by the winding down of pandemic restrictions and a hybrid working environment will be driving market momentum forward. The continuous injection of capital by alternative investment firms, as well as the growing infrastructural investment from cloud service providers and social media companies, whose revenues are expected to grow over 3.6x larger by value in 2026, will likely help propel center provision and innovation. These factors paint a promising picture for the industry players that offset rising input costs and adapt to new technologies.
According to M Capital Group: “Specifically, the long-term cost-saving opportunities available from the rise of remote managing will likely aid value growth for the industry. Through margin optimization and further availability of capital for reinvestment, strong players will maintain their competitive foothold, while weaker players exit the market to balance supply and demand.”
As Europe's leading economic powerhouse and the fourth-largest hashtag#economy globally, Germany stands at the forefront of innovation and industrial might. Renowned for its precision engineering and high-tech sectors, Germany's economic structure is heavily supported by a robust service industry, accounting for approximately 68% of its GDP. This economic clout and strategic geopolitical stance position Germany as a focal point in the global cyber threat landscape.
In the face of escalating global tensions, particularly those emanating from geopolitical disputes with nations like hashtag#Russia and hashtag#China, hashtag#Germany has witnessed a significant uptick in targeted cyber operations. Our analysis indicates a marked increase in hashtag#cyberattack sophistication aimed at critical infrastructure and key industrial sectors. These attacks range from ransomware campaigns to hashtag#AdvancedPersistentThreats (hashtag#APTs), threatening national security and business integrity.
🔑 Key findings include:
🔍 Increased frequency and complexity of cyber threats.
🔍 Escalation of state-sponsored and criminally motivated cyber operations.
🔍 Active dark web exchanges of malicious tools and tactics.
Our comprehensive report delves into these challenges, using a blend of open-source and proprietary data collection techniques. By monitoring activity on critical networks and analyzing attack patterns, our team provides a detailed overview of the threats facing German entities.
This report aims to equip stakeholders across public and private sectors with the knowledge to enhance their defensive strategies, reduce exposure to cyber risks, and reinforce Germany's resilience against cyber threats.
Data Analytics for Auditors Analysis and Monitoring
1. 4/1/2019
1
Data Analytics - 4
Analysis and Monitoring
based on Data Analytics for
Internal Auditors
by Richard Cascarino
About Jim Kaplan, CIA, CFE
President and Founder of AuditNet®,
the global resource for auditors (now
available on iOS, Android and
Windows devices)
Auditor, Web Site Guru,
Internet for Auditors Pioneer
Recipient of the IIA’s 2007 Bradford
Cadmus Memorial Award.
Author of “The Auditor’s Guide to
Internet Resources” 2nd Edition
Page 2
1
2
2. 4/1/2019
2
About AuditNet® LLC
• AuditNet®, the global resource for auditors, is available on the
Web, iPad, iPhone, Windows and Android devices and features:
• Over 3,000 Reusable Templates, Audit Programs,
Questionnaires, and Control Matrices
• Training without Travel Webinars focusing on fraud, data
analytics, IT audit, and internal audit
• Audit guides, manuals, and books on audit basics and using
audit technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Surveys on timely topics for internal auditors
• NASBA Approved CPE Sponsor
Introductions
Page 3
The views expressed by the presenters do not necessarily represent
the views, positions, or opinions of AuditNet® LLC. These materials,
and the oral presentation accompanying them, are for educational
purposes only and do not constitute accounting or legal advice or
create an accountant-client relationship.
While AuditNet® makes every effort to ensure information is
accurate and complete, AuditNet® makes no representations,
guarantees, or warranties as to the accuracy or completeness of the
information provided via this presentation. AuditNet® specifically
disclaims all liability for any claims or damages that may result from
the information contained in this presentation, including any
websites maintained by third parties and linked to the AuditNet®
website.
Any mention of commercial products is for information only; it does
not imply recommendation or endorsement by AuditNet® LLC
3
4
3. 4/1/2019
3
About Richard Cascarino, MBA,
CIA, CISM, CFE, CRMA
• Principal of Richard Cascarino &
Associates based in Colorado USA
• Over 28 years experience in IT audit
training and consultancy
• Past President of the Institute of
Internal Auditors in South Africa
• Member of ISACA
• Member of Association of Certified
Fraud Examiners
• Author of Data Analytics for Internal
Auditors
5
Today’s Agenda
Data analysis and Continuous Monitoring
Monitoring Tools
Implementing continuous monitoring
Potential benefits
Continuous Auditing
Implementing continuous auditing
Structuring the implementation
Perceived downside
Obtaining and maintaining support
Financial Analysis
Analyzing Financial Data
Use of ratios
Horizontal and vertical analysis
Subsidiary ledgers
Financial database analysis
Page 6
5
6
4. 4/1/2019
4
Continuous Transaction
Monitoring
Continuous monitoring defined
CM initiation and planning
Controlled monitoring selection
CM testing
CM Monitoring
7
Monitoring: Method and processes to ensure that crucial
policies/processes/internal controls are adequate and are
operating effectively
Used by operational/financial management
Internal Audit independently evaluates the adequacy of
management activities.
Auditing: The process by which the Internal Audit
team independently confirms that the internal controls are
working as intended.
Assurance: The confidence that results, due to
management’s daily oversight on all internal controls and
risks, that sets the stage for achievement of the
organization’s mission and goals.
First, Some Definitions …
8
7
8
5. 4/1/2019
5
Why Continuous Monitoring?
Advances in technology and increased business dynamics enable
businesses to change ever more rapidly,
Traditional audits and controls are no longer adequate
Key drivers
Past few years’ events (9/11, malfeasance crisis, complex and creative business
models)
Subsequent regulations (HIPAA, SOX, Patriot Act, Basel II, MiFID, etc.)
Business needs, competitive development of controls to be matched
Benefits
Immediate notification to management of problems, timely correction
Fraud reduction and improved risk management
Extensibility across multiple IT systems
Independence from operative management
9
Why Continuous Monitoring?
Growth through acquisitions wide variety of disparate IT systems
Data consolidation became a major challenge; multi-terabytes of
historical and real time data such as transaction logs, document files,
spreadsheets and financial reports stored on databases.
Security administrators were finding it impossible to monitor these
vast reservoirs of data in order to detect suspect usage patterns and
identify possible fraud before it was too late.
Non-intrusive solution needed to coexist with other IT systems
Independence from other processes to ensure impartial oversight
‘Events of interest’ are hidden across several system logs and
multiple log entries
Identification of suspicious behavior requires establishing profiles and
patterns (ex. multiple account of the same person)
10
9
10
6. 4/1/2019
6
Required of Continuous
Monitoring
Able to access and normalize disparate data from across the
enterprise
Offer comprehensive range of tests to effectively address
control objectives
Provide flexibility of tests as control opportunities change
Provide timely testing of data and reporting of results
Handle large transactional volumes with no negative impact
on operational system performance
Provide variable parameters for tests
Provide for alert notifications
Maintain security and integrity of tests and results
11
A Dramatic Change in the
Audit model
1. The continuous assurance model has many clients
2. The continuous assurance model had different Independence
considerations
3. The continuous assurance model has a different justification
4. The continuous assurance model is an element of the strategic
monitoring
5. The Continuous assurance model will turn the audit process into audit by
exception
6. A new set of analytics guides strategic monitoring
7. The continuous assurance model covers a wider set of quantitative and
qualitative non-financial data
8. The continuous assurance model has alternative materiality
considerations
9. The continuous assurance opinion has some futurity implied in it
11
12
7. 4/1/2019
7
Deficiencies of Traditional
Approach
Retrospective view
analysis frequently occurs long after transaction
has taken place, too late for action
Lack of timely visibility into control risks and
deficiencies
Alternatively
Independently test all transactions for
compliance with controls at, or soon after, point at
which they occur
13
Analytic Monitoring
Transaction
Monitoring
Rule
verification
Estimate
verification
Judgment
assurance
Rule based
evaluation
Rule heuristics Upstream /
downstream
verification
Exogenous
data
Continuity
reconciliations
Continuity
Equations
Continuity
Equations
Continuity
Equations
Transparent
markers
Structural
Knowledge
Value chain
relationships
Expert Systems
Confirmatory
extranets
Time-series /
Cross-sectional
analysis
Time-series /
Cross-sectional
analysis
Time-series /
Cross-sectional
analysis
13
14
8. 4/1/2019
8
Four levels of CA
Auditor
Process 1 Process 2 Process 3 Process 4
Process 6Process 5
MC Layer
Transaction monitoring
Object and info. flows
Rules of measurement interpretation
Formal spec
evaluation at all
points
Audit of judgments and facts
Transaction assurance
Rule assurance
Estimate assurance
Judgment assurance
Using Scripts for Continuous
Auditing
Continuous control assessment
Identification of control deficiencies
Identification of fraud, waste, abuse
Continuous risk assessment
Examination of consistency of processes
Development of enterprise audit plan
Support to individual audits
Follow-up on audit recommendations
15
16
9. 4/1/2019
9
Fraud Prevention &
Compliance
Key Drivers
Laws and Regulations
Direct P&L impact to prevent losses from fraud
Indirect P&L impact – business reputation, client
retention and acquisition
Continuous Monitoring Requirements
To detect fraudulent, unauthorized or money
laundering activities, operational systems need to be
monitored on an ongoing basis
All systems produce activity/transaction logs, but
differing formats
Centralized Monitoring Dashboard gives clear view
across all business transaction and IT systems
Evolution of Continuous
Monitoring
Manual Processing - Full User Intervention
Required (Retrospective Testing and Sampling)
Individual Macros - Some User
Intervention Required (Periodic
Testing of Selected Areas)
Menu Based Applications
- Limited User
Intervention Required
(Regular Testing Of
Identified Risk Areas)
Automated Testing /
Continuous Monitoring –
No User Intervention Required
(Frequent Testing for Leading
Indicators of Problems)
Most Organizations
Most groups
are stuck
here.
$ $ $
17
18
10. 4/1/2019
10
Obstacles to Continuous
Monitoring
1. Obtaining the data easily on a systematic basis
2. Standardizing the analysis process by identifying
key risk areas and leading indicators
3. Identifying a “champion” to spearhead creation of
custom analysis routines and allocating time to
complete the work
4. Avoiding the use of multiple applications to
produce the desired output
5. Moving to proactive monitoring from historic focus
on periodic retrospective testing
Caseware Monitor 5
Continuous controls monitoring solution
Pre-built solutions for industries that readily
monitor key controls
Auto-generate or custom build dashboards,
visualizations and reports
Captures KPIs such as root cause, money
saved and regulatory impact
Triggers an alert sent to users via email,
SMS or as notifications in apps
19
20
11. 4/1/2019
11
ACL Continuous Monitoring
Solution
http://www.acl.com/solutions/continuous_mo
nitoring.aspx
flexible and independent control review
mechanisms
management can review the exposures of
business risk
receive timely notification of control breaches
obtain summary reports
21
Infor Approva
http://www.infor.com/product-
summary/fms/approva-continuous-
monitoring/
continuous control monitoring software
management can execute repeatable processes
can handle transaction monitoring across
applications and platforms
can automate testing, track the results and
enables investigation
22
21
22
12. 4/1/2019
12
Infogix Enterprise Data
Analysis Platform
http://www.infogix.com/products/
family of software modules
enabling the organization to automatically validate
operational and financial information utilizing
standardized user-defined business rules
rule-based exception research, resolution and reporting
information from disparate reporting systems can be
centralized and personalized for individual
management requirements
23
Oversight Systems
http://www.oversightsystems.com/solutions
continuous transaction monitoring software
acts as a virtual analyst aimed at the detection of
operational variance
statistical, behavioral, Boolean, and time-based
Analytical capabilities
24
23
24
13. 4/1/2019
13
Role of continuous auditing
dependent on management’s
role in continuous monitoring of
controls
Inverse relationship: the greater
the role of management, the
less of a direct role of Internal
Audit.
True continuous assurance
Depends on effective monitoring
by management of internal
controls and Audit’s independent
assessment of that function.
Relationship of Continuous
Auditing/Monitoring/Assurance
25
Continuous Auditing
Owned and performed by Internal Audit
Primarily detective in nature (may also be
corrective)
Internal Audit is responsible for evaluating
continuous monitoring activities
Continuous Monitoring
Owned and performed by management
Can be preventative, detective, and/or
corrective in nature
Qualifies as an internal control
Summary of the Differences
26
25
26
14. 4/1/2019
14
Continuous Auditing
Required of auditors:
Ability to implement and understand IT
at an in depth level
Accumulate sufficient evidence to
communicate current status of risk-
control objectives
What is Continuous
Auditing?
Continuous auditing is a type of auditing
which produces audit results simultaneously
with, or a short period of time after, the
occurrence of relevant events.
It would be more accurate to call this type of
auditing instant rather than continuous.
Instant is not necessarily frequent.
27
28
15. 4/1/2019
15
Without Continuous
Monitoring
Management must:
Maintain an activity audit trail
Enforce access-control standards
Ban standardized administrator passwords
Enforce change management
Facilitate independent inspection of
infrastructure-management records
Auditors’ knowledge must stay current
The Auditing Process
• Traditional
• Engagement definition
• Audit planning
• Internal control
evaluation
• Substantive testing
• Opinion formulation
• Reporting
• Continuous
• MC architecture
• Analytic monitoring
structuring
• Discrepancy based audit
monitoring
• Continuous model
building and gathering
• Alarming and informing
• Discrepancy analysis
• Multilevel opinions
Continuous Auditing
29
30
16. 4/1/2019
16
Analytical Procedures in CA
Analytical procedures used in the planning, substantive
testing, and reviewing stages of an audit. We focus on
substantive testing.
In conventional auditing first apply analytical procedures to
identify potential problems, Then, focus detailed transaction
testing on the identified problem areas.
In CDA the sequence is reversed:
Use automated general transaction tests to all the transactions and
filter out identified exceptions for resolution.
Apply automated analytical procedures to the filtered transaction
stream to identify unforeseen problems.
Alarm humans to investigate anomalies.
31
Anomolies in Auditing
False positive error (false alarm, Type I error): A non-
anomaly mistakenly detected by the model as an anomaly.
Decreases efficiency.
False negative error (Type II error): An anomaly failed to
be detected by the model. Decreases effectiveness.
Detection rate is used for clear presentation purpose: The
rate of successful detection of seeded errors.
A good analytical model is expected to have good anomaly
detection capability: low false negative error rate (i.e. high
detection rate) and low false positive error rate.
32
31
32
17. 4/1/2019
17
6 Steps of Implementation
33
2. Rule
5. Follow-up
1. Priority
Areas
6. Action and
Reaction
4. Parameterization
3. FrequencyAudit Control Panel
Perceived Downside to CA
Audit access to live data
Availability of appropriate audit tools
Untrained or unqualified auditors
The perception that continuous auditing is a
technical area
34
33
34
18. 4/1/2019
18
Obtaining and Maintaining
Support for CA
Some support has come from the Public
Company Accounting Oversight Board
(PCAOB)
Roles assignment to appropriate individuals
is fundamental to success
Technical specialists to deal with the issues of
data access or designing a complex analytic
Non-technical auditor for the business design of
the tests regarding specific audit and control
objectives tests
35
Obtaining and Maintaining
Support for CA
Critical area for gaining acceptance of the
whole concept is the manner in which false
positives are dealt with
(common during the start-up phase of continuous
auditing)
reporting can be tailored to summarize values
without specifically addressing individual minor
anomalies
36
35
36
19. 4/1/2019
19
Benefits may be in Terms of
Reduction of risk
Improvements in corporate reputation
Improved customer satisfaction
Improved profitability
Reduction in the likelihood of fraud
occurrences
37
38
Financial Statements
Balance Sheet
Income Statement
Managers and Analysts Use Financial Statements to Conduct:
- Cash Flow Analysis
- Performance (Ratio) Analysis
37
38
20. 4/1/2019
20
39
Four Key Financial
Statements
1. Balance sheet
2. Income statement
3. Statement of retained earnings
4. Statement of cash flows
Implications of Finance
ELEMENTS OF BUSINESS UNIT STRATEGY
Value chain
Pro-R&D Pur- Sales
chasing duction
Where to ___ ___ ___ ___
compete ___ ___ ___ ___
___ ___ ___ ___
___ ___ ___ ___
When to Actions
compete
How to
compete
Source: Adapted from Kevin P. Coyne et al. (2000), Gaining advantage over competitors, McKinsey Quarterly
39
40
21. 4/1/2019
21
Inter-relationships
BUSINESS UNIT STRATEGY
Where to compete How to compete When to compete
Geogra-
phic
markets SustainableValue competitivepropositionCusto- advantageChannelsmers
RelationshipRelationship with otherSupply with share-chain Products suppliers holdersstages
Source: Adapted from Kevin P. Coyne et al. (2000), Gaining advantage over competitors, McKinsey Quarterly
Key Performance Indicators
Return on assets (ROA): General
assessment of profitability (all capital
providers point of view)
ROA assesses net profitability of operating
activities per dollar of average investment,
which is a measure of how profitable a
company is regardless of how the
company’s assets are financed.
41
42
22. 4/1/2019
22
Calculated by
ROA =
Net income + Interest expense, net of income taxes
Average total assets
ROA =
Net income + Interest expense (1-t)
Average total assets
where “t” = effective (or statutory) tax rate
Ratios Used to Assess
Profitability
Return on Common Equity (ROCE):
Assessment of profitability from the viewpoint of
common stockholders
ROCE assesses net profitability, after preferred
dividends, per dollar of common stockholders’
investment
Earnings Per Share (EPS)
Reflects net income, after preferred dividends,
available to an average common share of stock
43
44
23. 4/1/2019
23
Thus
ROCE =
ROA
Common Earnings
Leverage Ratio
Capital
Structure
Leverage Ratio
Net income + [interest
expense (1-t) ]
Net income –
preferred stock
dividends
Average total
assets
Average total assets Net income +
[interest expense
(1–t)]
Average
common
stockholders’
equity
And
ROA subcomponents: Net profit margin
ratio and asset turnover ratio.
The net profit margin ratio measures the
prefinancing income per dollar of sales.
Net profit margin ratio =
Net income + [interest expense x (1-t)]
sales
45
46
24. 4/1/2019
24
Ratios Used to Assess
Profitability
EBIT
Earnings before Interest and Tax
EBITA
Earnings before Interest, Tax and Amortization of Goodwill
ROI
Return on Investment
MVA
MVA = Market Value of the Firm - Book Value of the Firm
Market Value = (# shares of stock) (price per share) + Value of
debt
Book Value = Total common equity + Value of debt
If the market value of debt is close to the book value of debt, then
MVA is:
MVA = Market value of equity – book value of equity
Funds Analysis, Cash-Flow
Analysis, and Financial Planning
Funds Analysis, Cash-Flow
Analysis, and Financial Planning
Flow of Funds (Sources and Uses)
Statement
Accounting Statement of Cash Flows
Cash-Flow Forecasting
Range of Cash-Flow Estimates
Forecasting Financial Statements
Flow of Funds (Sources and Uses)
Statement
Accounting Statement of Cash Flows
Cash-Flow Forecasting
Range of Cash-Flow Estimates
Forecasting Financial Statements
47
48
25. 4/1/2019
25
Types Of Financial Ratios
49
Liquidity Ratios
Current Ratio
Quick Ratio
Turnover Ratios
Collection/Payment Period
Debt-to-Equity Ratio
Times Interest Earned Ratio
Gross Margin
EPS
P/E Ratio
Market-to-Book Ratio
Activity Ratios
Debt Ratios
Profitability Ratios
Market Ratios
Liquidity Ratios
50
seitilibailcurrent
assetscurrent
=ratioCurrent
seitilibailcurrent
inventoryassets-current
=ratioQuick
49
50
28. 4/1/2019
28
Financial Ratios For Cross-
Sectional and Trend Analysis
55
Cross-Sectional Analysis: Comparing
Different Firms’ Financial Ratios at the
Same Point in Time
Compared to firms in same industry
Benchmarking - compares a company’s ratio
values to those of competitors that company
wishes to emulate
Trend Analysis - Performance Evaluation
Over Time
Developing trends can be seen using multiyear
comparison
Financial Statements and
Financial Ratios
56
Balance Sheet
Income Statement
Liquidity Ratios
Activity Ratios
Debt Ratios
Profitability Ratios
Market Ratios
55
56
29. 4/1/2019
29
Strategies for Future
Shift to proactive monitoring
Automate any tests that can be run without user
intervention
start with the weekly file maintenance tests
Using information from exiting audit tests, identify
additional leading indicators of potential problems
Create/adapt test to search for these events on a more frequent
basis
Use the results from the automated tests in the risk
assessment process to help determine the focus of on-
going audit activities.
Questions?
Any Questions?
Don’t be Shy!
57
58
30. 4/1/2019
30
AuditNet® and cRisk Academy
If you would like
forever access to this
webinar recording
If you are watching
the recording, and
would like to obtain
CPE credit for this
webinar
Previous AuditNet®
webinars are also
available on-demand
for CPE credit
http://criskacademy.com
http://ondemand.criskacade
my.com
Use coupon code: 50OFF
for a discount on this
webinar for one week
Thank You!
Jim Kaplan
AuditNet® LLC
1-800-385-1625
Email:info@auditnet.org
www.auditnet.org
Follow Me on Twitter for Special Offers - @auditnet
Join my LinkedIn Group –
https://www.linkedin.com/groups/44252/
Like my Facebook business page
https://www.facebook.com/pg/AuditNetLLC
Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel +1 303 747 6087 (Skype Worldwide)
Tel: +1 970 367 5429
eMail: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino
Page 60
59
60