A Retrospective in Analytic Auditing and What’s Ahead
Description
The speaker will outline salient best practices in establishing an analytic program based on lessons learned looking back on the past two and a half decades. Specific learning objectives include:
o Review key dates in the last two decade’s timing that led to the advancement of audit data analytic programs.
o Highlight lessons learned over the years through case study examples.
o Outline the effective culture around the analytics program to serve as its foundation.
o Learn to apply analytics across the entire lifecycle from risk assessment, to planning, fieldwork, and reporting.
o Present analytic best practices being deployed by top performing organizations.
Auditors regularly invited into the Technology Committee meetings have an envious seat. They can listen to what is wrong with the current processes and see first-hand how the organization plans to change for improvement. While audit usually does not have a vote, they can vie for a role on any project committees organizing. Management in turn has certain expectations of audit’s participation.
Acting in a more pro-active manner, auditors can easily sell recommendations before the go-live date.
You will learn at this webinar:
· Defining audit’s role regarding reporting and timing
· Learn the stepping stones for enhancing integrated skill sets (map)
· A framework that be used on just about any process improvement, not just application changes
· How not to avoid crossing the line between audit consulting and managing the project
· Successful participation can help audit win more work
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
With more organizations exploring the concept of Combined Assurance, there have been many questions about how this relates to GRC. In this presentation, we will explore both concepts and discuss the differences between Combined Assurance and GRC so that you can consider and explore options that are most suited to the needs of your audit department and your organization as a whole.
Learning Objectives:
Understand the concepts behind Combined Assurance and GRC
Discuss pros and cons for both Combined Assurance and GRC
Selecting the right Computer Assisted Audit Tool may appear to be a huge undertaking; however, following a systematic approach eases the burden. The right approach minimizes the risk of selecting a product that might not fit into your organization, which could impair your function as it sits underutilized or on the shelf. While point and click visual style tools are settling into the market, many auditors rely on the legacy step-by-step software tools such as ACL, IDEA, Excel and “add-on” tools.
Many chief auditors pursue opportunities to increase the frequency and intensity of interactions with management and realize nothing gets attention faster than finding previously undetected anomalies in company data. Finding the right issues quickly and timely improves the value of audit and can assist audit in winning more work.
Attending this webinar you will learn:
· Identify analysis and financial constraints
· Scoping and defining audit strategic objectives
· Reviewing selection field based on Technical needs
· Building a short/long term on-boarding roadmap
· Realize the lost opportunity of not including all auditors (no auditor left behind)
Visualizing data has become one of the hottest trends in analytics not only because it works to more quickly identifying anomalies but in also explaining the results to management. In this case study focused webinar, you’ll learn how to translate unwieldy files of financial data into a single compact scattergraph, pie chart, or overlay—and then “sample with pictures” by picking out the key items that merit sampling and follow-up.
Specific learning objectives include:
o Understand graph types and their different analytical strengths from an audit perspective
o Learn best practices in dahsboarding results through a review of a variety of example dashboard templates
o Be able to score records based on various audit reports to improve your effectiveness and reduce false positives in your samples
o See how to quickly turn a visualization exercise into a sampling approach by sampling multiple categories to identify highest-risk items.
o Use auto-formatting and dynamic data-grabbing tools so new data can create new graphs each audit period, at the touch of a button
o Integrate statistics into your visualizations to extract the most exceptional sample units
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session Fraud Auditing Creative Techniques
• Auditing Techniques
• Auditing method 1- 'Tiger Team Test"
• Auditing method 2- "Application of Benford's Theorem"
• Auditing method 3- "Use of Barium test"
• Auditing method 4- " Use of Birbal tricks and traps"
• Auditing method 5- "Application of inverse logic"
• Auditing method 6- "Use of Space-time dimension in data evaluation"
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session Forensic and Investigative Audit Reporting
• Types of reporting
• Management
• Board/Audit committee
• Disciplinary action
• Litigation support
• Criminal process
• Follow up and remedial action
The IT Auditing Series is a series of 10 2-hour webinars.
The study program consists of 5 modules Basic and 5 modules Advanced spanning a broad range of topics and issues in the IT Auditing field. The emphasis in all webinars is therefore on practical aspects, of Internal Auditing.
The course content is based upon ISACA Framework which has been accepted world-wide as the basis of skills and competencies required for all IT Auditors.
This session covers auditing contingency planning
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
TSB is a digital-first bank that is undergoing a massive transformation to cloud-based banking. Senior Audit Manager, Ian Kirton, drove the design and development of an audit function capable of adapting while the organization undergoes this change.
This presentation will take you through TSB Bank’s journey from first establishing the audit function through to developing a data analytics strategy as the organization gets ready to move to a new, state-of-the-art online banking platform.
Key learning objectives:
• How to develop an audit function for a cloud-based bank
• Creating a data analytics strategy to support the cloud-based enterprise
• Observing practical examples of how data analytics can be applied to get better audit results
• Learning Ian’s approach to analytics in a digital environment, and how it has made TSB Bank one of the Top 10 Best Big Companies
Auditors regularly invited into the Technology Committee meetings have an envious seat. They can listen to what is wrong with the current processes and see first-hand how the organization plans to change for improvement. While audit usually does not have a vote, they can vie for a role on any project committees organizing. Management in turn has certain expectations of audit’s participation.
Acting in a more pro-active manner, auditors can easily sell recommendations before the go-live date.
You will learn at this webinar:
· Defining audit’s role regarding reporting and timing
· Learn the stepping stones for enhancing integrated skill sets (map)
· A framework that be used on just about any process improvement, not just application changes
· How not to avoid crossing the line between audit consulting and managing the project
· Successful participation can help audit win more work
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
With more organizations exploring the concept of Combined Assurance, there have been many questions about how this relates to GRC. In this presentation, we will explore both concepts and discuss the differences between Combined Assurance and GRC so that you can consider and explore options that are most suited to the needs of your audit department and your organization as a whole.
Learning Objectives:
Understand the concepts behind Combined Assurance and GRC
Discuss pros and cons for both Combined Assurance and GRC
Selecting the right Computer Assisted Audit Tool may appear to be a huge undertaking; however, following a systematic approach eases the burden. The right approach minimizes the risk of selecting a product that might not fit into your organization, which could impair your function as it sits underutilized or on the shelf. While point and click visual style tools are settling into the market, many auditors rely on the legacy step-by-step software tools such as ACL, IDEA, Excel and “add-on” tools.
Many chief auditors pursue opportunities to increase the frequency and intensity of interactions with management and realize nothing gets attention faster than finding previously undetected anomalies in company data. Finding the right issues quickly and timely improves the value of audit and can assist audit in winning more work.
Attending this webinar you will learn:
· Identify analysis and financial constraints
· Scoping and defining audit strategic objectives
· Reviewing selection field based on Technical needs
· Building a short/long term on-boarding roadmap
· Realize the lost opportunity of not including all auditors (no auditor left behind)
Visualizing data has become one of the hottest trends in analytics not only because it works to more quickly identifying anomalies but in also explaining the results to management. In this case study focused webinar, you’ll learn how to translate unwieldy files of financial data into a single compact scattergraph, pie chart, or overlay—and then “sample with pictures” by picking out the key items that merit sampling and follow-up.
Specific learning objectives include:
o Understand graph types and their different analytical strengths from an audit perspective
o Learn best practices in dahsboarding results through a review of a variety of example dashboard templates
o Be able to score records based on various audit reports to improve your effectiveness and reduce false positives in your samples
o See how to quickly turn a visualization exercise into a sampling approach by sampling multiple categories to identify highest-risk items.
o Use auto-formatting and dynamic data-grabbing tools so new data can create new graphs each audit period, at the touch of a button
o Integrate statistics into your visualizations to extract the most exceptional sample units
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session Fraud Auditing Creative Techniques
• Auditing Techniques
• Auditing method 1- 'Tiger Team Test"
• Auditing method 2- "Application of Benford's Theorem"
• Auditing method 3- "Use of Barium test"
• Auditing method 4- " Use of Birbal tricks and traps"
• Auditing method 5- "Application of inverse logic"
• Auditing method 6- "Use of Space-time dimension in data evaluation"
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session Forensic and Investigative Audit Reporting
• Types of reporting
• Management
• Board/Audit committee
• Disciplinary action
• Litigation support
• Criminal process
• Follow up and remedial action
The IT Auditing Series is a series of 10 2-hour webinars.
The study program consists of 5 modules Basic and 5 modules Advanced spanning a broad range of topics and issues in the IT Auditing field. The emphasis in all webinars is therefore on practical aspects, of Internal Auditing.
The course content is based upon ISACA Framework which has been accepted world-wide as the basis of skills and competencies required for all IT Auditors.
This session covers auditing contingency planning
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
TSB is a digital-first bank that is undergoing a massive transformation to cloud-based banking. Senior Audit Manager, Ian Kirton, drove the design and development of an audit function capable of adapting while the organization undergoes this change.
This presentation will take you through TSB Bank’s journey from first establishing the audit function through to developing a data analytics strategy as the organization gets ready to move to a new, state-of-the-art online banking platform.
Key learning objectives:
• How to develop an audit function for a cloud-based bank
• Creating a data analytics strategy to support the cloud-based enterprise
• Observing practical examples of how data analytics can be applied to get better audit results
• Learning Ian’s approach to analytics in a digital environment, and how it has made TSB Bank one of the Top 10 Best Big Companies
SolarWinds Application Performance End User Survey (Singapore)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
Webinar Description: In my years leading data analytics projects and teams, I have come across several different structures for the integration of DA. Some were at large multinational corporations and others were at small- and medium-sized organizations, including government bodies. Today, we'll look at four different models for the management of data analytics in Internal Audit departments. The key characteristics of each model will be described, as well as the strengths and weaknesses.
Participant Outcomes: By the end of this session, participants will be able to identify the model which best fits their organization.
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session Data Analytics
• Probability theory in Data Analysis
• Types of Evidence
• Population Analysis
• Correlations and Regressions
• Fraud Detection using Data Analysis
• Data analysis and Continuous Monitoring
• Continuous Auditing
• Financial Analysis
While the majority of executives and internal audit leaders agree that data analytics is important, according to the 2016 IIA CBOK study, only 40% of respondents are using technology in audit methodology. Why the disconnect?
In this webinar, we will identify some of the common challenges associated with starting and continuing to use data analytics in your audit process. Easy-to-implement methods that help expand the use of data analytics and improve your audit coverage will also be presented.
Learning objectives
• Discuss ways to increase and expand the use of data analytics, including business and technology applications
• Identify the skills needed for successful use of data analytics
• Provide guidance on obtaining internal management support
• Offer tips on how to measure staff utilization and the effectiveness of analytics during audits
For information on our Webinars visit AuditNet.org (www.auditnet.org)
IT Fraud Series: IT Fraud and Countermeasures - July 20, 2017
Description
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session IT Fraud and Countermeasures
• Investigating by computer
• Document collection and analysis
• Interviewing skills
• Documenting evidence
• Testifying as a witness
SolarWinds Application Performance End User Survey (Australia)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
Controls that are designed to mitigate the risk of fraud are not perfect. Enterprise software such as Oracle and SAP may have built-in controls, but they are limited in scope to the data and processes that the software "touches". The most successful fraudsters know how to exploit interfaces between different processes and systems. Furthermore, the typical fraud case persists for 14 months prior to detection*.
Deploying data analytics for continuous testing can overcome many of the limitations of traditional fraud detection. Timely and appropriate detection will help organizations mitigate the impact of frauds. Robust fraud detection systems will also act as powerful deterrents.
*ACFE Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse
Learning Objectives
In this session we will raise awareness of the various types of frauds and how they can be detected using automated data analysis techniques.
SolarWinds Application Performance End User Survey (UK)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 9
• Why and how to conduct a data mapping exercise.
• The rights of data subjects.
• Giving and withdrawing consent.
The fieldwork phase is the heart of the audit process. Everything auditors do in the planning phase drives them to do the right things in fieldwork. Everything auditors do in the reporting phase relates to what was found in fieldwork. Everything auditors do in the follow-up phase relates to the issues identified in fieldwork. This webinar will focus on the testing for control effectiveness. This includes capturing the best audit evidence and documenting quality work in the workpapers. This helps ensure that any competent third party person can re-perform the work and come to the same conclusion.
This webinar is for auditors who want to understand the key elements of the fieldwork phase of the audit process.
The learning objectives include the following:
- Learn about internal control terminology
- Learn about testing techniques and workpaper quality
- Learn about audit evidence
- Learn about workpaper documentation guidelines
Learn about Issues & Recommendations (I&Rs)
SolarWinds Application Performance End User Survey (Denmark)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
Identifying and assessing risk is the basis for most of the work done in internal audit, but it is getting harder to keep up with the most relevant risks. New risks are introduced faster than we can react, and both the emerging and established risks are always changing. Often the most complicated risk to understand and evaluate is reputational risk, and one of the most volatile aspects of reputational risk comes from social media.
In this session we will discuss the different types of social media and how each poses unique opportunities and often unforeseen threats. We will specifically focus on how social media can impact reputation risk and what you can do as an Internal Audit department to ensure this risk is being addressed and properly mitigated.
SolarWinds Application Performance End User Survey (North America)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
The IT Auditing Series is a series of 10 2-hour webinars.
The study program consists of 5 modules Basic and 5 modules Advanced spanning a broad range of topics and issues in the IT Auditing field. The emphasis in all webinars is therefore on practical aspects, of Internal Auditing.
The course content is based upon ISACA Framework which has been accepted world-wide as the basis of skills and competencies required for all IT Auditors.
This session covers auditing databases
World class auditors know one of the best ways to fight the fraud risk is to be sure outsource agreements include a Right to Audit clause. Auditors feel good and sleep tight when their client tells them “of course we included the one we use all of the time”. The real test is when glitches and anomalies appear and management asks auditing to do a quick visit with the third party organization.
The discussion will offer insights into:
· Best practices audit clause language
· Compliance, operational and/or financial audit
· Plan in advance or surprise visit
· Books and records
· Location of audit
· Who can or should conduct the audit
· Impact of absence of a Service Level Agreement (SLA)
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
It has been said that the definition of crazy is doing the same thing over and over again and expecting a different result. If your audit analytics program is still not meeting your expectations, you are going to have to do something different to change that outcome. The biggest hurdle organizations need to overcome is getting auditors to think differently about what analytics is. Excel might not be the ultimate analytics tool for your organization but attend this webinar to see how you can use it as a catalyst for change throughout the audit team.
Learning Objectives
Learn non-technical skills auditors need to perform audit analytics
Learn commonly used Excel functions that can be applied to audit analytics
Learn how to get auditors started down a path of thinking about analytics vs automatically pulling samples
The Future of Auditing and Fraud Detection – Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
o Define the top company areas for data integration from structured, unstructured and external data sources.
o Highlight culturally what audit and fraud detection functions must do to embrace continuous embedded analytic reviews.
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
Join this webinar for an introduction to the Touchstone Research for Internal Audit, an unprecedented, global research of internal audit, from Wolters Kluwer TeamMate. This session will review study approach and scope, key initial findings, a look at benchmarking, and a preview of future insights. Find out what nearly 1,000 internal audit and controls professionals have to say across about the current and future state of internal audit.
Learning Objectives:
Learn the objective of the Touchstone Research for Internal Audit
Understand how the Touchstone Maturity Model can benefit Internal Audit teams
Learn why the Touchstone Research Benchmarks for Internal Audit can be a planning tool
SolarWinds Application Performance End User Survey (Singapore)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
Webinar Description: In my years leading data analytics projects and teams, I have come across several different structures for the integration of DA. Some were at large multinational corporations and others were at small- and medium-sized organizations, including government bodies. Today, we'll look at four different models for the management of data analytics in Internal Audit departments. The key characteristics of each model will be described, as well as the strengths and weaknesses.
Participant Outcomes: By the end of this session, participants will be able to identify the model which best fits their organization.
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session Data Analytics
• Probability theory in Data Analysis
• Types of Evidence
• Population Analysis
• Correlations and Regressions
• Fraud Detection using Data Analysis
• Data analysis and Continuous Monitoring
• Continuous Auditing
• Financial Analysis
While the majority of executives and internal audit leaders agree that data analytics is important, according to the 2016 IIA CBOK study, only 40% of respondents are using technology in audit methodology. Why the disconnect?
In this webinar, we will identify some of the common challenges associated with starting and continuing to use data analytics in your audit process. Easy-to-implement methods that help expand the use of data analytics and improve your audit coverage will also be presented.
Learning objectives
• Discuss ways to increase and expand the use of data analytics, including business and technology applications
• Identify the skills needed for successful use of data analytics
• Provide guidance on obtaining internal management support
• Offer tips on how to measure staff utilization and the effectiveness of analytics during audits
For information on our Webinars visit AuditNet.org (www.auditnet.org)
IT Fraud Series: IT Fraud and Countermeasures - July 20, 2017
Description
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session IT Fraud and Countermeasures
• Investigating by computer
• Document collection and analysis
• Interviewing skills
• Documenting evidence
• Testifying as a witness
SolarWinds Application Performance End User Survey (Australia)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
Controls that are designed to mitigate the risk of fraud are not perfect. Enterprise software such as Oracle and SAP may have built-in controls, but they are limited in scope to the data and processes that the software "touches". The most successful fraudsters know how to exploit interfaces between different processes and systems. Furthermore, the typical fraud case persists for 14 months prior to detection*.
Deploying data analytics for continuous testing can overcome many of the limitations of traditional fraud detection. Timely and appropriate detection will help organizations mitigate the impact of frauds. Robust fraud detection systems will also act as powerful deterrents.
*ACFE Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse
Learning Objectives
In this session we will raise awareness of the various types of frauds and how they can be detected using automated data analysis techniques.
SolarWinds Application Performance End User Survey (UK)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 9
• Why and how to conduct a data mapping exercise.
• The rights of data subjects.
• Giving and withdrawing consent.
The fieldwork phase is the heart of the audit process. Everything auditors do in the planning phase drives them to do the right things in fieldwork. Everything auditors do in the reporting phase relates to what was found in fieldwork. Everything auditors do in the follow-up phase relates to the issues identified in fieldwork. This webinar will focus on the testing for control effectiveness. This includes capturing the best audit evidence and documenting quality work in the workpapers. This helps ensure that any competent third party person can re-perform the work and come to the same conclusion.
This webinar is for auditors who want to understand the key elements of the fieldwork phase of the audit process.
The learning objectives include the following:
- Learn about internal control terminology
- Learn about testing techniques and workpaper quality
- Learn about audit evidence
- Learn about workpaper documentation guidelines
Learn about Issues & Recommendations (I&Rs)
SolarWinds Application Performance End User Survey (Denmark)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
Identifying and assessing risk is the basis for most of the work done in internal audit, but it is getting harder to keep up with the most relevant risks. New risks are introduced faster than we can react, and both the emerging and established risks are always changing. Often the most complicated risk to understand and evaluate is reputational risk, and one of the most volatile aspects of reputational risk comes from social media.
In this session we will discuss the different types of social media and how each poses unique opportunities and often unforeseen threats. We will specifically focus on how social media can impact reputation risk and what you can do as an Internal Audit department to ensure this risk is being addressed and properly mitigated.
SolarWinds Application Performance End User Survey (North America)SolarWinds
The proliferation of BYOD, cloud, SaaS and consumer technologies in the workplace have made the application the disruptive technology that will drive business IT into the coming decades. At the same time, the application delivery chain is becoming more complex to support as applications become more networked, virtualization drives IT infrastructure convergence and abstraction and end users become more mobile. These survey findings highlight the impact of application performance and availability on business end users, and their experiences with and expectations of IT when problems arise. Chief among the findings is that while the application is now the heart of businesses of all sizes and its performance is the lifeblood of success, IT continues to struggle to ensure its performance and availability.
The IT Auditing Series is a series of 10 2-hour webinars.
The study program consists of 5 modules Basic and 5 modules Advanced spanning a broad range of topics and issues in the IT Auditing field. The emphasis in all webinars is therefore on practical aspects, of Internal Auditing.
The course content is based upon ISACA Framework which has been accepted world-wide as the basis of skills and competencies required for all IT Auditors.
This session covers auditing databases
World class auditors know one of the best ways to fight the fraud risk is to be sure outsource agreements include a Right to Audit clause. Auditors feel good and sleep tight when their client tells them “of course we included the one we use all of the time”. The real test is when glitches and anomalies appear and management asks auditing to do a quick visit with the third party organization.
The discussion will offer insights into:
· Best practices audit clause language
· Compliance, operational and/or financial audit
· Plan in advance or surprise visit
· Books and records
· Location of audit
· Who can or should conduct the audit
· Impact of absence of a Service Level Agreement (SLA)
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
It has been said that the definition of crazy is doing the same thing over and over again and expecting a different result. If your audit analytics program is still not meeting your expectations, you are going to have to do something different to change that outcome. The biggest hurdle organizations need to overcome is getting auditors to think differently about what analytics is. Excel might not be the ultimate analytics tool for your organization but attend this webinar to see how you can use it as a catalyst for change throughout the audit team.
Learning Objectives
Learn non-technical skills auditors need to perform audit analytics
Learn commonly used Excel functions that can be applied to audit analytics
Learn how to get auditors started down a path of thinking about analytics vs automatically pulling samples
The Future of Auditing and Fraud Detection – Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
o Define the top company areas for data integration from structured, unstructured and external data sources.
o Highlight culturally what audit and fraud detection functions must do to embrace continuous embedded analytic reviews.
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
Join this webinar for an introduction to the Touchstone Research for Internal Audit, an unprecedented, global research of internal audit, from Wolters Kluwer TeamMate. This session will review study approach and scope, key initial findings, a look at benchmarking, and a preview of future insights. Find out what nearly 1,000 internal audit and controls professionals have to say across about the current and future state of internal audit.
Learning Objectives:
Learn the objective of the Touchstone Research for Internal Audit
Understand how the Touchstone Maturity Model can benefit Internal Audit teams
Learn why the Touchstone Research Benchmarks for Internal Audit can be a planning tool
How analytics should be used in controls testing instead of samplingJim Kaplan CIA CFE
Sampling has existed as a standard for controls testing since controls testing began. We’ve developed algorithms to tell us how many samples we should pull and how many errors we can have and still pass the control. We’ve even developed algorithms to tell us how many more samples we can test if the control didn’t pass the first time.
If your goal is simply to do the minimum to pass a SOX audit, then these behaviors should probably continue. If your goals also include really improving the operations of the organization to make it stronger then a more holistic approach is needed, such as analysis on 100% of the population, rather than a small sample.
Most controls analytics do not require a degree in data science, but they do require the controls team begin changing its behaviors. Join us to understand what it takes to begin this change, it’s not as challenging as you might think.
Learning Objectives
Understanding the advantages of analytics vs sampling
How to Identify controls where analytics can be applied
Real life examples of controls and their associated analytics
How to effect a change
How analytics should be used in controls testing instead of sampling Jim Kaplan CIA CFE
Sampling has existed as a standard for controls testing since controls testing began. We’ve developed algorithms to tell us how many samples we should pull and how many errors we can have and still pass the control. We’ve even developed algorithms to tell us how many more samples we can test if the control didn’t pass the first time.
If your goal is simply to do the minimum to pass a SOX audit, then these behaviors should probably continue. If your goals also include really improving the operations of the organization to make it stronger then a more holistic approach is needed, such as analysis on 100% of the population, rather than a small sample.
Most controls analytics do not require a degree in data science, but they do require the controls team begin changing its behaviors. Join us to understand what it takes to begin this change, it’s not as challenging as you might think.
Learning Objectives
Understanding the advantages of analytics vs sampling
How to Identify controls where analytics can be applied
Real life examples of controls and their associated analytics
How to effect a change
Today's fast-paced and evolving business environment requires internal audit to consider its capabilities and needs to ensure appropriate strategic planning. How can CAEs develop strategic plans that result in their stakeholders viewing the audit function as “highly effective”?
Our research has found an approach that builds on three dimensions of effectiveness that must be addressed to be highly effective:
• Meeting stakeholder expectations
• Operating core processes
• Conforming to internal audit standards and applicable regulatory requirements
Learning Objectives
In this session, participants will:
• Discuss the need for and importance of strategic planning within the internal audit function
• Explore the 3 dimensions that contribute to a highly effective internal audit function
• Populate a framework to understand how processes and expectations are aligned and where changes need to occur
• Develop an initial strategic vision based on an understanding of stakeholder expectations
While the use of Data Analytics produces excellent results, they’re commonly applied in a tactical way for specific functional areas within an organization. This tactical approach often falls short of realizing the full potential of Data Analytics. Going beyond initial results, a more systematic approach to Data Analytics can help drive organizational learning (human and machine) from the various remediation processes.
In this Webinar, we’ll discuss 3 areas of Analytics Automation: (1) Producing the findings, (2) Managing the findings, and (3) Learning from the findings.
Key takeaways:
· The value of Analytics Automation
· Understanding the various technologies (i.e. RPA, AI, etc.)
· Practical ideas for deploying and managing Analytics Automation
· Using a more structured approach to remediation exceptions
· Benefits of Root Cause Analysis
· Using Analytics Automation to get a broader, more complete view of your organization over time
Internal auditors regularly access organization information for audit purposes. Many organizations now maintain computerized data warehouses containing useful management and financial information. Audit professionals therefore need to understand both the concepts of data warehousing as well as data mining techniques.
Data warehousing is a process for assembling and managing data from various sources for the purpose of gaining a single, detailed view of part or all of a business.
Data mining is the use of automated tools to explore and analyze large amounts of data stored in those data warehouses.
Print reports represent a valuable source of unstructured data which can be useful for internal auditors. Using print reports for data mining will be the main area covered in this Webinar.
Objectives
1. Identify the difference between data analysis and data mining Understand the importance between structured and unstructured data
2. Learn tips and best practices for data mining print reports
3. Understand how excel and IDEA handle importing different PDF formats
4. How to use templates to make future imports a one button task
How to use ai apps to unleash the power of your audit program Jim Kaplan CIA CFE
Artificial Intelligence (AI) is found in just about every industry today, and accounting and auditing are no exception. Auditors that aren’t already exploring the vast potential of AI-powered applications in their audit program will soon find these tools are the industry standard and will be left in the dust if they don’t adapt and adopt.
To learn how to easily use AI apps in audit today, join us as we welcome Deniz Appelbaum, Assistant Professor at Montclair State University, for this exclusive presentation. With deep experience in audit analytics, Big Data, blockchain, audit automation, and fraud detection, Appelbaum brings considerable practical experience with audit technology to the audit profession.
In this presentation, she will help guests:
● Gain a basic introductory understanding of AI in audit.
● Understand how AP applications can be used in the context of auditing.
● Learn how to use AI apps in an audit for specific, achievable, measurable results.
Internal audit is a profession that struggles against the stereotypes of our past. When we explore our current processes and methodologies, one area that needs attention is executing the audit plan. If our focus is setting a plan in motion and tracking to completion each year, then we are not able to react to changes in our organizations. Financial services organizations face additional challenges in trying to balance emerging risks with the requirements of the regulatory authorities. By embracing the concept of agile auditing, we will be able to adjust more quickly and act as a more relevant partner to our organizations.
Learning Objectives
• Understand the concept of agile auditing
• Identify areas for applying agile techniques
• Discuss a strategy for successfully implementing agile audit
The use of robotic process automation (RPA is the rave but where can you best apply resources to maximize this powerful audit assistance. Specific learning objectives include:
o Identify the top opportunities for robotic process automation in audit processes.
o See where you can become a “citizen programmer”, building the bots alongside your business processes.
o Walk through case studies of applied audit-focused RPA
o Consider the limitations and benefits of RPA into a total cost of ownership exercise.
As many audit departments are moving toward agile auditing, they struggle finding an effective technique for planning that goes beyond the traditional risk assessment. We recommend using exploratory data analytics to focus the agile plan and address those risks with the greatest exposure.
After this session, participants will be able to:
- Use data analytics for exploratory testing to validate a draft plan that incorporates emerging risks
- Dispel the Top 5 Analytics Myths
- Develop an agile risk based plan that aligns with senior management objectives
- Deliver a continuous monitoring plan with tools to your control owners
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 4
• How to perform a data protection impact assessment (DPIA)
• The role of the data protection officer (DPO)
• Transferring personal data outside the EU
Everyone is talking about the disruption that will impact our work as auditors as businesses deploy technology and analytics at an accelerated pace. The agile auditor is preparing NOW for these changes and acquiring the skills necessary to practice effective analytics.
But, the huge challenge is taking that first step from where auditors are now, to where we want to go.
In this session, Dr. Appelbaum will explain how to start an analytics project by sharing a broad overview of the benefits of analytics and a framework for project creation. Special insights will be provided on data preparation, as this is a major bottleneck for many data projects, along with real case studies to demonstrate the importance of data quality and audit objective alliance.
Learning Objectives
• Learn how to build a framework for an audit analytics project and customize it based on audit objective, data and software tools available
• Discuss the issues of data quality and gain tips to prepare the data for analysis
• See these concepts with real case data and applications of projects that worked
• Have your concerns about getting started with an analytics project and how to successfully complete it addressed
Cybersecurity Series - Cyber Defense for Internal AuditorsJim Kaplan CIA CFE
This webinar series is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks
The series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk based IT audits.
Session 1 of 10
This Webinar focuses on Cyber Defense
• Threats/Threat actors/Common Cyber Attack methods
• Attacks and vulnerabilities exposed
• Layered protection measures against Cyber threats
• Firewalls and levels of protection they provide
• Traffic profiling and monitoring for inbound and outbound traffic
• Intrusion Detection
• Incidences of Compromises
• Penetration testing regimes and vulnerability testing
• NIST Vulnerability Checklist
• The Security Content Automation Protocol (SCAP)
When is a Duplicate not a Duplicate? Detecting Errors and FraudJim Kaplan CIA CFE
Webinar Overview - A look at duplicates testing and the inherent value of fuzzy data matching.
Identifying fuzzy duplicates has never been easier. Arbutus Analyzer’s versatile functionality enables even new users to detect possible duplicate payments, vendors sharing similar addresses among themselves or with your organization’s employees, and counter parties who may be on government watch lists. Our webinar includes nine different scenarios with detailed descriptions of the tests and their results.
You'll learn about:
• Identifying possible risks
• How to deploy Analyzer commands and functions
Key Presenter:
Michael Kano, ACDA, Data Analytics Consultant, Arbutus Analytics
Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger and revenue audit areas as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
The internal auditor has a unique and challenging role when it comes to improving the governance processes of their organization. Exercising objective judgment and maintaining professional integrity are essential roles of the internal auditor; however these roles may become undermined when strong political or cultural pressures are at play. This webinar will help internal auditors prepare for and successfully navigate through these pressures should they be encountered.
Learning Objectives:
• Understand how the IIA Code of Ethics applies to Internal Auditors
• Apply “IIA Standard 2110 – Governance” as a key resource
• Assess ethics in light of internal audit independence
• Gain insight to how organizational culture affects ethical behavior
• Evaluate independence and objectivity using a framework
Who will benefit:
Corporate Directors
Corporate Officers
Fraud & Forensic professionals
Audit professionals
Risk professionals
Compliance professionals
Legal professionals
Ethics professionals
Governance professionals
Finance and Accounting Professionals
Many auditors often forget the fundamentals of internal auditing. This webinar will focus on areas of internal auditing that every auditor should know. This includes understanding Audit’s role in the organization, IIA standards, internal control, and the key components of the audit process.
This webinar is for auditors who want to understand the key components of the audit process including characteristics of successful auditors.
The learning objectives include the following:
Learn about the IIA Professional Practices Framework
Learn about the framework of internal control as defined by the Committee of Sponsoring Organizations (COSO)
Learn about the basic elements of the audit process
As stated in the Institute of Internal Auditors IPPF, “The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk (2120.A2)”.
How is your auditing function meeting this professional expectation? The time to test fraud controls is before you have a fraud. Testing fraud controls is more commonly referred to as an “anti-fraud” assessment and is typically conducted by auditors as a consulting service. How long has it been since a comprehensive review was conducted at your organization? Once completed, as the company changes over time, sections of the first review should be updated.
This webinar will cover:
· How strong are your controls?
· Are you looking for fraud or is fraud looking for you?
· The time to detect directly impacts the chances of recovery
· Shell Vendors uncovered made the headlines in 2016
· Looking for signs of complacency in the workplace
· A robust organizational COSO based framework that organizes your work from cradle to grave
· Working paper and check list recommendations
· Actual audit report sample (with author identification removed)
Similar to Retrospective data analytics slides (20)
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 10
• Handling data subject access requests (DSARs).
• The roles of controllers and processors, and the relationships between them.
• Transferring personal data outside the EU and the mechanisms for compliance.
• How to become GDPR compliant using a compliance gap assessment
A recent survey report, Fraud in the Wake of COVID-19: Benchmark Report, prepared by the ACFE, explains that recent events have opened the door to increased pressure, reasonings and opportunities that can lead to occupational fraud. Across all classes of fraud schemes 68% of survey respondents reported increases in fraudulent activity as of May 2020 and 93%o reported they expect an increase in fraud over the next 12 months.
To guide auditors in running detective controls, join Mark Nigrini, West Virginia University Professor and author, and Jeffrey Sorensen, Industry Strategist, for an exclusive review of the fingerprints of fraud numbers. This two-person team will review seven categories of fraud numbers and will demonstrate how to identify these types of numbers using audit software.
In this informative and engaging presentation, attendees will:
● Learn the seven categories of fraud numbers
● Understand which categories are linked to specific types of schemes
● Optimize the steps needed to run the tests
● Interpret the results to identify audit targets
● Apply a second layer of steps to reduce the number of false positives
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 8
• The security of personal data.
• An organizational risk management framework.
• Legal requirements for a DPIA.
• How to conduct a DPIA with a DPIA tool.
Learning about outliers and how to detect them in transactions of all types.
Learning Objectives: This webinar will explain the significance of outliers when testing transactions, whether they are vendor invoices, GL postings, or travel & entertainment expenses. Examples using Arbutus Analyzer will demonstrate the best analytics for identifying outliers.
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 7
• Lessons to be learned from common data security failures.
• The six data protection principles – how to apply them and demonstrate compliance.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 6
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
General Data Protection Regulation for Auditors 5 of 10Jim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 5
• Certification against GDPR
• The powers of supervisory authorities
• Lead supervisory authorities
• The role of the European Data Protection Board (EDPB)
From time-to-time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of auditing, come across circumstances which themselves appear to be violations of a corporate
code-of-conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Webinar contents will include:
Classes of Ethics
The role of business
Employee ethics
Honesty, Objectivity and diligence
Conflicts of Interest
Reporting of Material Facts
Corporate Codes of Conduct
Corporate Social Responsibility
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
From time-to-time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of auditing, come across circumstances which themselves appear to be violations of a corporate
code-of-conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Webinar contents will include:
Classes of Ethics
The role of business
Employee ethics
Honesty, Objectivity and diligence
Conflicts of Interest
Reporting of Material Facts
Corporate Codes of Conduct
Corporate Social Responsibility
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 2 of 10
• Special categories of personal data
• The rights of data subjects, including data access requests
• Controllers and processors
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
Implementing and Auditing GDPR Series (1 of 10)
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 1 of 10
• Bands of penalties and range of awards for breaches
• Lawfulness of processing and consent
• The six data protection principles
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
From time-to-time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of auditing, come across circumstances which themselves appear to be violations of a corporate
code-of-conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Use Cases : Duplicate Testing & Segregation of Duties
Learning Objectives / Key Takeaways:
Learn how ATCO evolved its Internal Audit practice through embedding Data Analytics within our Audit Shop.
Identify how data-driven auditing can save time and increase audit assurance, coverage and quality.
See specific examples of how Analyzer was used to detect duplicate payments and assess Segregation of Duties.
Understand the benefits of creating procedures/scripts, to automate testing.
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Subhajit Sahu
Abstract — Levelwise PageRank is an alternative method of PageRank computation which decomposes the input graph into a directed acyclic block-graph of strongly connected components, and processes them in topological order, one level at a time. This enables calculation for ranks in a distributed fashion without per-iteration communication, unlike the standard method where all vertices are processed in each iteration. It however comes with a precondition of the absence of dead ends in the input graph. Here, the native non-distributed performance of Levelwise PageRank was compared against Monolithic PageRank on a CPU as well as a GPU. To ensure a fair comparison, Monolithic PageRank was also performed on a graph where vertices were split by components. Results indicate that Levelwise PageRank is about as fast as Monolithic PageRank on the CPU, but quite a bit slower on the GPU. Slowdown on the GPU is likely caused by a large submission of small workloads, and expected to be non-issue when the computation is performed on massive graphs.
StarCompliance is a leading firm specializing in the recovery of stolen cryptocurrency. Our comprehensive services are designed to assist individuals and organizations in navigating the complex process of fraud reporting, investigation, and fund recovery. We combine cutting-edge technology with expert legal support to provide a robust solution for victims of crypto theft.
Our Services Include:
Reporting to Tracking Authorities:
We immediately notify all relevant centralized exchanges (CEX), decentralized exchanges (DEX), and wallet providers about the stolen cryptocurrency. This ensures that the stolen assets are flagged as scam transactions, making it impossible for the thief to use them.
Assistance with Filing Police Reports:
We guide you through the process of filing a valid police report. Our support team provides detailed instructions on which police department to contact and helps you complete the necessary paperwork within the critical 72-hour window.
Launching the Refund Process:
Our team of experienced lawyers can initiate lawsuits on your behalf and represent you in various jurisdictions around the world. They work diligently to recover your stolen funds and ensure that justice is served.
At StarCompliance, we understand the urgency and stress involved in dealing with cryptocurrency theft. Our dedicated team works quickly and efficiently to provide you with the support and expertise needed to recover your assets. Trust us to be your partner in navigating the complexities of the crypto world and safeguarding your investments.
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...John Andrews
SlideShare Description for "Chatty Kathy - UNC Bootcamp Final Project Presentation"
Title: Chatty Kathy: Enhancing Physical Activity Among Older Adults
Description:
Discover how Chatty Kathy, an innovative project developed at the UNC Bootcamp, aims to tackle the challenge of low physical activity among older adults. Our AI-driven solution uses peer interaction to boost and sustain exercise levels, significantly improving health outcomes. This presentation covers our problem statement, the rationale behind Chatty Kathy, synthetic data and persona creation, model performance metrics, a visual demonstration of the project, and potential future developments. Join us for an insightful Q&A session to explore the potential of this groundbreaking project.
Project Team: Jay Requarth, Jana Avery, John Andrews, Dr. Dick Davis II, Nee Buntoum, Nam Yeongjin & Mat Nicholas
1. A Retrospective in Analytic
Auditing and What’s Ahead
About Jim Kaplan, CIA, CFE
President and Founder of AuditNet®,
the global resource for auditors
(available on iOS, Android and
Windows devices)
Auditor, Web Site Guru,
Internet for Auditors Pioneer
IIA Bradford Cadmus Memorial
Award Recipient
Local Government Auditor’s Lifetime
Award
Author of “The Auditor’s Guide to
Internet Resources” 2nd Edition
Slide 1
2. About AuditNet® LLC
• AuditNet®, the global resource for auditors, serves the global audit
community as the primary resource for Web-based auditing content. As the first online
audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the
use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and
features:
• Over 2,800 Reusable Templates, Audit Programs, Questionnaires, and
Control Matrices
• Webinars focusing on fraud, data analytics, IT audit, and internal audit
with free CPE for subscribers and site license users.
• Audit guides, manuals, and books on audit basics and using audit
technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Surveys on timely topics for internal auditors
Introductions
Slide 2
HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners.
Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.
If you logged in with another individual’s confirmation email you will not receive CPE as the
confirmation login is linked to a specific individual
This Webinar is not eligible for viewing in a group setting. You must be logged in with your
unique join link.
We are recording the webinar and you will be provided access to that recording after the
webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
If you have indicated you would like CPE you must attend the entire Webinar to receive CPE
(no partial CPE will be awarded).
If you meet the criteria for earning CPE you will receive a link via email to download your
certificate. The official email for CPE will be issued via NoReply@gensend.io and it is
important to white list this address. It is from this email that your CPE credit will be sent.
There is a processing fee to have your CPE credit regenerated post event.
Submit questions via the chat box on your screen and we will answer them either during or at
the conclusion.
You must answer the survey questions after the Webinar or before downloading your
certificate.
Slide 3
3. IMPORTANT INFORMATION
REGARDING CPE!
SUBSCRIBERS/SITE LICENSE USERS - If you attend the entire Webinar you will receive
an email with the link to download your CPE certificate. The official email for CPE will be
issued via NoReply@gensend.io and it is important to white list this address. It is from
this email that your CPE credit will be sent. There is a processing fee to have your CPE
credit regenerated post event.
NON-SUBSCRIBERS/NON-SITE LICENSE USERS - If you attend the entire Webinar and
requested CPE you must pay a fee to receive your CPE. No exceptions!
We cannot manually generate a CPE certificate as these are handled by our 3rd party
provider. We highly recommend that you work with your IT department to identify and
correct any email delivery issues prior to attending the Webinar. Issues would include
blocks or spam filters in your email system or a firewall that will redirect or not allow
delivery of this email from Gensend.io
Anyone may register, attend and view the Webinar without fees if they opted out of
receiving CPE.
We are not responsible for any connection, audio or other computer related issues. You
must have pop-ups enabled on you computer otherwise you will not be able to answer the
polling questions which occur approximately every 20 minutes. We suggest that if you
have any pressing issues to see to that you do so immediately after a polling question.
Slide 4
The views expressed by the presenters do not necessarily represent the views,
positions, or opinions of AuditNet® LLC. These materials, and the oral
presentation accompanying them, are for educational purposes only and do not
constitute accounting or legal advice or create an accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and
complete, AuditNet® makes no representations, guarantees, or warranties as to
the accuracy or completeness of the information provided via this presentation.
AuditNet® specifically disclaims all liability for any claims or damages that may
result from the information contained in this presentation, including any websites
maintained by third parties and linked to the AuditNet® website.
Any mention of commercial products is for information only; it does not imply
recommendation or endorsement by AuditNet® LLC
Slide 5
4. AuditNet® and cRisk Academy
If you would like forever access
to this webinar recording
If you are watching the
recording, and would like to
obtain CPE credit for this
webinar
Previous AuditNet® webinars
are also available on-demand for
CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a
discount on this webinar for one week
Slide 6
Richard B. Lanza, CPA, CFE, CGMA
• Director of Audit Data Analytics for Grant Thornton, LLP
• Over 25 years of ACL, Excel and other software usage
• Received the outstanding achievement in business award by the
Association of Certified Fraud Examiners for developing the publication
Proactively Detecting Fraud Using Computer Audit Reports as a
research project for the IIA
• Recently was a contributing author of:
• Detecting Corruption with Analytics: A Roadmap – The
International Institute for Analytics
• Global Technology Audit Guide (GTAG #13) Fraud In An
Automated World – Institute Of Internal Auditors.
• Cost Recovery – Turning Your Accounts Payable Department
Into A Profit Center – Wiley And Sons.
• Data Analytics: A Roadmap for Expanding Capabilities
(published 2018 in partnership with the IIA's Internal Audit
Foundation)
• In 2015, discovered a new textual analytic technique using letters
called the Lanza Approach to Letter Analytics (LALA)TM
Slide 7
The views expressed by the
presenters do not necessarily
represent the views, positions, or
opinions of Grant Thornton, LLP.
These materials, and the oral
presentation accompanyingthem,
are for educational purposes only
and do not constitute accounting
or legal advice or create an
accountant-client relationship.
rich.lanza@us.gt.com
5. Today’s Agenda
Review key dates in the last two decade’s timing that led to
the advancement of audit data analytic programs
Highlight lessons learned over the years through case
study examples
Outline the effective culture around the analytics program
to serve as its foundation
Learn to apply analytics across the entire lifecycle from risk
assessment, to planning, fieldwork, and reporting
Present analytic best practices being deployed by top
performing organizations
Slide 8
Rich Lanza
30 Year Career in a Slide
Slide 9
Start – 1980s
Fast Food Math
TRS 80
Lotus 123/Excel
Accounting Intern
Current
Grant Thornton, LLC
Audit Data Analytics
Controls and Risk Analytics
1990s
KPMG – MUS Sample
ACL and IDEA
Centralized Analytics
Writing / Speaking
AuditWatch
Early 2000s
AICPA / CPA2Biz
Toys “R” Us
Application & Research
Buyers Guide
Cost Recovery
2004 - 2016
Cash Recovery Partners, LLC
Audit Software Partners LLC
AuditNet ®
AuditSoftwareVideos.com
6. Why Are We Still Talking About Implementing Analytics?
Distrust of Technology
Audit report issued by Marwick, Mitchell & Co. based on their audit of Northern
Shoe Company, Duluth, Minnesota - February 5, 1908
The adding machine in its riper place is an excellent institution but when it is resorted
to on every occasion for the simple addition of two and two it becomes not only
useless but dangerous…….Apart altogether from the time wasted in this way, the use
of the machine which at first may be due to laziness on the part of the employee
becomes at length a necessity for it is a well-known fact that the constant use of any
mechanical calculator leads inevitably to trophy of the calculating faculty. A man who
cannot calculate nimbly and accurately is of very little use as a bookkeeper. We
would strongly advise that the adding machine be removed from the office or its use
very much restricted.
Slide 11
https://caats.ca/
7. Slide 12
News Flash: Projects Fail
Nothing New – KPMG Study
56% of firms have had to write off at least one IT project in the
last year as a failure.
The average loss incurred – approximately $13 Million
The single biggest write-off - almost $210m
Among the reasons cited for failure:
inadequate planning
poor scope management
poor communication between the IT function and the business
“IT project failure is rampant – KPMG” The Register
Published 26th November 2002
http://www.theregister.co.uk/2002/11/26/it_project_failure_is_rampant/
What Did the I.I. Analytics Find?
Slide 13
8. AuditNet® Survey - 2012 Data
Analysis Audit Software
• Profile of Over 550 Responses:
• 70% 10 or less auditors
• 30% had not purchased data analysis software
• Cost was the top reason for not buying the software
followed by training
• 57% felt that training was the key reason analytics is
not required on audits
• 59% of auditors do not require analytic steps in audits
Slide 14
AuditNet®’s 2017 State of Technology
Use By Auditors – 408 Responses
Slide 15
9. Reasons For Not Using
Data Analytic Software
2015 AuditNet® Audit Data Analysis Software Survey
Slide 16
Top Five Reasons For Not Implementing Audit Technology
The software costs too much(budget constraints)
We do not have a budget for audit software training
The training costs too much
The annual support costs too much
Audit management does not mandate it's use
Slide 17
AuditNet®’s 2017 State of Technology
Use By Auditors – 408 Responses
10. How Can We Increase Analytic Usage?
Take My Manual Audit, circa 1998
Make data analytics a priority on every audit
Data exists for every process
Try to use analytics in every audit and explain if you do not
Replace manual tests with automated ones
You need to replace to provide the time for analytics
Do one less audit and spend the time “thinking” this year
Focus on I T testing – user and segregation of duties testing
Slide 19
11. Analytic Benefit in Sum:
Doing More With Less
Page 20
2015 AuditNet® Audit Data Analysis Software Survey
Surveillance is the quickest and
lowers fraud impacts
2016 Report to the Nation – Association of Certified Fraud Examiners
Slide 21
2/3 less costly
3x detection time
12. My Top Audit Savings Ever
http://bit.ly/2Fb5oOd
Over $100MM identified, $40MM recovered
Led to people, process and technology improvements
It focused on turning the “F” word into the “R” word
Was based on a simple aging report
Positive values were aged separate of negative values
Slide 22
Crossing the Chasm
by Geoffrey Moore
Slide 23
13. Learning from Other Professions
Engineers, AutoCAD and the 1990s
Attorneys and E-Discovery efficiency
Medical profession
Collecting, collating and categorizing physicians’ experiences
Correlations between DNA and disease
Robotic and virtual guided surgery
Predictive modeling of mental state from phone messages
...some people will be replaced, the remaining will be augmented
Slide 24
Follow the external auditors
Identify top areas of manual effort or deficiency
Collaborate with I.T. (They have budget)
Build testing modulus to automate security and data privacy concerns
Make their life easier / Reduce risk in their areas of domain
Play to their ego / They can use best practice automated control
Collaborate with BPOs (They have more budget)
Make their life easier / Reduce manual testing & questions
Reduce risk in their areas of domain
Focus less on risk testing and more on business value opportunities
Slide 25
People
Collaborate With the “Purse Strings”
14. Train everyone (Opportunists and Champions)
Different training for each group
Both are experts in their own right
Communicate frequently
Train staff with competency based training
Allow team members to gain internal certifications
Just in time training of key skills seen as most desirable
Have an internal or external coach
Get the experience you need when you need it – private lesson style
Provide a safe place to talk about what worked….and what didn’t
Slide 26
People
Training Approaches
Have a backup
There can not only be one!
Code their knowledge
Less than 45% have ever scripted their work
Document, save, and videotape your work
Audit logs in software, flowcharts, and documents take minutes
to develop to the hours to later remember what was done
Video editing (Camtasia) can be used to show how to run
applications for future auditors
Slide 27
People
Closing the “Lone Ranger” Revolving Door
15. Flipping the Model of Analytics
Slide 28
Data Management
Extraction, Transformation and Enrichment
16. Overcoming Data Challenges
Normalizing data is 80% of the time (in the beginning)
“By most accounts, 80 percent of the development effort in a big data project
goes into data integration and only 20 percent goes toward data analysis.” —
Intel Corporation
Data is in every process
It may not be ERP / It may be in your “Big Data”
90% of data is text
Audit (Internal & External) is the best partner to get the data
They are independent / Not proving the data is a scope limitation
Tend to establish the most secure data warehouses
Page 30
Automated Data Normalization
Store procedures for data cleanup once
Create a normalized set of data fields named by YOU
Ensure data quality tests are run prior to analysis
Automate these routine tasks to increase analyst’s time
Enrich the data by organizing it by type codes
Page 31
17. Sample Data Validation
Accounts Payable Other Questions
Make a checklist (to make sure you follow it):
Statistical analysis should also be completed as part of the validation
analysis
Agreement to batch totals, sample data and hardcopies is critical
Page 32
Codify Journal Entry Data
Type of account – Revenue, expense, etc.
Balance Sheet impact and strata category
Income Statement impact and strata category
If the entry has a revenue posting in it
If the entry is associated with a key words table of
unusual words
Manual vs. automated entry
The rank, average value, and std deviation for that
account, if relevant
Slide 33
18. Asking Questions of Data
Lessons from WorldCom/ MCI
Slide 35
In 2002, a small team of internal auditors at
WorldCom worked together, often at night and
secretly, to investigate and reveal $3.8 billion
worth of fraud….
The fraud was accomplished primarily in two
ways:
1.Booking "line costs" (interconnection
expenses with other telecommunication
companies) as capital expenditures on the
balance sheet instead of expenses.
2.Inflating revenues with bogus accounting
entries from "corporate unallocated revenue
accounts".
19. 101 ACL Applications
Over 100 reports including all scripts, audit
objectives, comments to scripts and suggested
audit steps to take with the results
Page 36
Reducing False Positives
http://bit.ly/2H5lYM5
37
Blog article explains
specifically explains
how to:
Remove noise
Filter top
predictors
Duplicate hit rates
increased to 50%
vs. less than 1%
21. Getting Around The Pivot
Right click on the amount fields (data part) to
see field list and edit various Pivot Table options
Select from the Top Ribbon Menu the Options
and Design menus for Pivot Tables (Excel
creates them when a Pivot Table is created) –
best and easiest way to make changes
Slide 40
Benford’s Law: The Basis of
Digital Analysis
41
22. Scatter Chart
Slide 42
Scatter Chart Explanation
Slide 43
1 – high dollar change and low count (outliers)
2 – charges that make sense
3 – changes that don’t make sense
4 – inefficiency that is developing
23. Key Control Reports & Scoring
Of the top scored
reports for “fraud”,
find the highest
percentage vendors,
enterers, approvers
etc.
Look for patterns in
the score and the
people related to the
transactions.
Slide 40
Transactional Score
Benefit Patterns Example
Slide 45
24. Focusing on the Edges of
the Normalized Curve
Slide 46
Expanding Our Data Perspective
Moving past structured data
25. The Population of Data Type
Slide 48
Structured Data
Accounting records
Sub ledger details
Monthly performance
measures
Unstructured Data
Documents (Excel, PDF,
Word)
Emails
Network Logs
External Data
Geomap Service
OFAC, SAM.Gov Watch Lists
IRS Tax ID Match
Top Areas To Start Your Own
(Big) Data Analytics
General Ledger
Revenue Cycle
Accounts Payable
Procurement
Payroll Expenses
T&E Spend
Customer and Vendor Feedback
Employee Feedback / Whistleblower Hotline
Process Feedback (Defects, Notes)
Slide 49
26. 80% of Data is Text Based When
Did You Last Audit Text?
It works fast to quickly gain a perspective of the business process data:
Look for deviations over a 3-year moving average of phrase usage
Help with new accounting standards relying on contract analysis
If digital analysis/Benford’s Law is latitude, letter analytics is longitude
Text is far richer in business value and providing a picture than simple
digit theory
The unique word chart provides a more normalized view of activity
while total word occurrences by letter provides a more dynamic chart
The trends can be seen quickly to ask relevant questions and to
highlight fraud
Why not use another approach, such as Benford’s Law, to look at ALL data?
Slide 50
Behavioral Analysis
Key Words and the Fraud Triangle
Slide 51
Opportunity
CHANNEL STUFFING
COOKIE JAR RESERVES
FRAUDULENT SHAM
QUID PRO QUO
SECRET ACCOUNT
Rationalization
DON’T KNOW WHAT ELSE TO
DO
PIECE OF THE ACTION
TREAT ME THIS WAY
WORRY ABOUT IT LATER
THEYLL BE SORRY
Pressure
FROM PETER TO PAY PAUL
MANAGE EARNING
TICKING TIME BOMB
WALL STREET
EXPECTATIONS
Per AuditNet® Key Words
http://bit.ly/2oCgEJO
27. American Language’s First
Letters - COCA
Slide 52
The Benford’s Law of Words
Journal Entry Analysis
Word usage in ledger
• Same words tend to occur year over year
• Changes may indicate some change in
the client that could affect risk
assessment
Slide 53
http://bit.ly/1TGwvPS and http://bit.ly/21mEbsU - ACFE Fraud Magazine articles on
“The Benford’s Law of Words – Parts 1 and 2”
28. What’s Ahead?
Strengthen the Three
Lines of Defense
The Three Lines of Defense
Common Constraints
• Slow, manual
• Lack of coordination
• Human subjectivity
• Magnitude of data with limited data resources
The Opportunity
• Insights to identify, monitor, control and
mitigate risks across 3 lines of defense
• Analytic processes directly aligned with
COSO framework
• An opportunity to create efficiencies and
improve effectiveness of the 3 lines of
defense
The Result
• Active data monitoring reduces fraud
losses and fraud detection time by 50%
• Create an opportunity shape the
business' direction and create value
across the organization
Slide 55
29. Audit Analytics Panel
February 22, 2018 (90 minute video)
http://bit.ly/2CXAcMs
Key Notes
Slide 56
80% of the time getting the data / 20% of the time doing analysis
Random samples are defensible / 100% analysis is insightful
The definition of a test is transforming using data
Embedding KPI analytics into the ERP rollout plan
We are at the cusp of continuous auditing
It is becoming the expectation from companies
The receptivity has never been greater
Data Analytics
IIA Research Guides
Other Thought Leadership
• Internal Audit Analytic Surveys – Grant Thornton partnered with the Internal Audit Foundation >>
https://www.grantthornton.com/library/articles/advisory/2017/internal-audit-new-value-data-analytics.aspx
• White Paper – Driving Enterprise Value through Data Analytics >>
https://www.grantthornton.com/library/articles/advisory/2017/enterprise-value-through-data-analytics.aspx
• Data Analytics: A Roadmap for
Expanding Capabilities (published 2018
in partnership with the IIA's Internal Audit
Foundation)
• Data Analytics: Elevating Internal Audit's
Value (published 2016 in partnership with
the IIA's Internal Audit Foundation)
Books
Slide 57
30. Lumen by Grant Thornton LLP
http://gt-us.co/2I2EK8f
Slide 58
Questions?
Any Questions?
Don’t be Shy!
Slide 59
31. More Courses by Rich Lanza
In the Queue for 2018
Many additional training opportunities are available on
www.auditnet.org
June 6
Super-Data-Charging Your Corruption Reviews With Integrated Analytics
September 12
The Future of Auditing and Fraud Detection
December 12
When Data Visualizations and Data Imports Just Don’t Work
Slide 60
Learn More: Go to AuditNet®
AuditNet® and cRisk Academy
If you would like forever access
to this webinar recording
If you are watching the
recording, and would like to
obtain CPE credit for this
webinar
Previous AuditNet® webinars
are also available on-demand for
CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a
discount on this webinar for one week
Slide 61
32. AuditSoftwareVideos.com
Now Free (But Not for Long!)
70+ Hours of videos accessible for FREE subscriptions
Repeat video and text instruction as much as you need
Sample files, scripts, and macros in ACL™, Excel™, etc.
available for purchase
Bite-size video format (3 to 10 minutes)
>> Professionally
produced videos by
instructors with over 20
years experience in
ACL™, Excel™ , and
more
Slide 62
Thank You!
Jim Kaplan
AuditNet® LLC
1-800-385-1625
Email: webinars@auditnet.org
www.auditnet.org
Richard B. Lanza, CPA, CFE, CGMA
Contact Information
D: +1 732 516 5527
M: +1 732 331 3494
Email: rich.lanza@us.gt.com
Slide 63