Overcoming Small Department Challenges
Session G4
Wednesday, April 30th, 2014
10:45 – 11:45
David Fernandes
Implementing ACL - A Strategy For Success
ACL Workpapers & GRC Project
Case Study
Session G4 Slide # 2
TOPICS
YOUR EXPECTATIONS
GOALS & CHALLENGES
ACL WORKPAPERS
GRC OVERVIEW
ACL RISK OVERVIEW
Q&A
Session G4 Slide # 3
YOUR EXPECTATIONS
How many in Audit Department ? <5 < 10
What are you using now ? Excel / Word / TeamMate
What do you want to accomplish with a Workpapers / GRC solution ?
When do you want to have a Workpapers / GRC solution in place ?
Session G4 Slide # 4
• Fraud Detection
• Segregation of Duties
• Automation of Data Mining
• Compliance Issues
• Regulatory Issues
• Commission Payments
But wait…there is more ……
• Identify fraud, misuse, and errors
• Identify compliance issues
• Flag exceptions in real time
• Automate manual processes for continuous monitoring
What issues do you want to solve ??
Session G4 Slide # 5
TOPICS
YOUR EXPECTATIONS
GOALS & CHALLENGES
ACL WORKPAPERS
GRC OVERVIEW
ACL RISK OVERVIEW
Q&A
Session G4 Slide # 6
Goals - Do More - With Less
• Develop a framework for assessing different levels of audit analytic techniques and associated benefits.
• Define progressive levels to evolve its use of Data / Business Analytics.
• Identify the building blocks: People, Process and Technology that must be in place to optimize benefits.
• Understand, plan and communicate design criteria to achieve timely implementation.
• Establish a proactive and comprehensive view for effective ERA and ERM.
Session G4 Slide # 7
Goals & Challenges
Number of controls by Process (columns) and Location (rows)
Process columns: Revenue & Receivables | Purchasing & Payables | Inventory | HR & Payroll | Fixed Assets | Financial Close & Reporting | SEC | Equity & Treasury | Taxes | Entity Level Controls | IT General Controls | TOTAL
Chelmsford: 16 8 17 10 12 15 7 15 18 32 17 167
Colorado: 2 1 3 2 1 9
Petaluma: 2 1 3 2 1 9
Jena: 9 7 11 5 11 2 3 48
Korea: 7 4 4 5 2 1 23
Poway: 9 7 11 5 11 2 45
Manchester: 9 7 11 5 11 2 3 48
Japan: 8 5 5 5 2 3 28
Taiwan: 2 2 3 5 4 2 18
TOTAL: 64 42 68 44 47 29 7 27 18 32 17 395
Session G4 Slide # 8
Goals & Challenges
BLSS - Manchester Revenue - 2013 SOX CYCLE CONTROLS
Columns: Section | Control Objective | 2013 Control Activity | Control Owner | Control Frequency | Control Type | Manual / System | Population Sample / Ratio | Test Reference Tab # Name | Rollforward Test Status

Section: New Customers
Control Objective: Authorization is required prior to setting up or modifying customer account within the ERP system.
2013 Control Activity (R&R CA 01):
A- All new customer accounts must be approved for credit & have an account set up in system before any work commences or shipments are made.
B- The AR department assesses customer credit worthiness for new & existing customers at time of PO receipt / acceptance. Credit personnel perform the initial assessment, but obtain the applicable approvals based upon the Credit Limit Matrix. Additionally, credit personnel may solicit input from Manager of Credit & Collections and/or Corporate Controller in assessing credit worthiness.
Control Owner: Stephen Hurst
Control Frequency: Daily
Control Type: Detective
Manual / System: Manual
Population Sample / Ratio: 0
Test Reference Tab # Name: R&R CA 01
Rollforward Test Status: N/A

Section: Customer Purchase Order
Control Objective: Customer Purchase Order (CPO) and verified, validated, reviewed and approved.
2013 Control Activity (R&R CA 02):
Upon receipt of a customer purchase order (CPO), order administration shall match the CPO to the approved quotation or sales proposal, and shall verify that all elements including terms and conditions and line item detail on the CPO match the associated quotation, proposal, or sales contract.
Control Owner: Stephen Hurst
Control Frequency: Daily
Control Type: Detective
Manual / System: Manual
Population Sample / Ratio: 30 of 72 / 42% / $900k of $3.7M / 24%
Test Reference Tab # Name: R&R CA 02
Rollforward Test Status: Ineffective

Section: Invoicing
Control Objective: Invoices for orders which do/not require physical shipment are reviewed for period revenue recognition.
2013 Control Activity (R&R CA 03):
a. Invoices should provide a reference to the customer purchase order or contract to which it references…
b. Invoices should only be posted for hardware that is shipped and services that have been provided (unless other invoicing arrangements are agreed to with the customer and a process to ensure deferral of un-earned revenue is implemented)
Control Owner: Stephen Hurst
Control Frequency: Daily
Control Type: Detective
Manual / System: Manual
Population Sample / Ratio: 6.095m of 6.861m / 89% / 25 of 47 / 53%
Test Reference Tab # Name: R&R CA 03
Rollforward Test Status: Effective
Session G4 Slide # 9
Goals & Challenges
Internal Audit Report
BLSS Manchester, UK
Field Work Dates: September 30th – November 29th
Final Report Date: December 2nd
Table of Contents
Audit Key Steps
Executive Summary
Appendix I – Summary of Key Controls by Process
Appendix II – Deficiencies
Appendix III – SOX Enterprise Scoping
Appendix IV – Background
Appendix V – Organization Charts
Appendix VI – Distribution
The team responsible for this audit, comprised of David Fernandes and Alex Byrne, would like
to thank those individuals who contributed to this project, and particularly, employees who
provided insights and comments as part of this audit.
Privileged and Confidential
Session G4 Slide # 10
Goals & Challenges
Very little time to complete report
Challenges
• Building blocks of processes, roles and technologies were not properly established.
• Management does not fully understand or accept their critical role and responsibilities.
• Risks that the project will not achieve the desired outcomes.
• Business owners fail to see the value of the process and terminate the audit program.
• Understanding what data is required to support a specific test and
• Obtaining a complete and controlled population of that data.
Decision Making & Communication
Data Analysis tools represent tremendous change for an organization:
• Could be a very significant change for your team.
• Effective communication of your vision for the change – and how it will impact the entire organization – is essential.
Be sure to include:
• the right people,
• the right time,
• the right levels.
Session G4 Slide # 11
Goals & Challenges
Optimized Controls
Opportunities to improve and automate controls for continuous monitoring
Session G4 Slide # 12
Goals & Challenges
Design a Sustainable Controls Framework
• Senior Management view controls as a necessary nuisance, making it difficult for CFOs / VP Finance or Compliance Officers and their teams to demonstrate how controls can add value to the business.
• Businesses typically agree with the accounting group about “why” controls are necessary, but disagree about “how” to best implement them.
• Large company control frameworks usually improve on a linear scale, but business complexity at small to midsized companies often increases exponentially.
Leverage Experience: Pair finance leaders with business leaders to ensure sufficient knowledge of the business and the risk environment.
Engage Business Leaders: Articulate the benefits of increased assurance to persuade business leaders to participate in controls updates.
Update Frequently: Revisit the framework at least twice a year (Interim & Roll Forward) or during periods of significant business change.
Session G4 Slide # 13
Goals & Challenges
TOPICS
YOUR EXPECTATIONS
GOALS & CHALLENGES
WHY ACL?
IMPLEMENTATION OVERVIEW
ACL GRC OVERVIEW
Session G4 Slide # 14
Data Analytic Software
Session G4 Slide # 15
Why ACL ?
• is purpose built for data analytics with proven experience.
• can analyze 100% of the available data no matter how much.
• is read only ensuring data integrity and security.
• can read all data types no matter the source.
• has a log file that records every step.
• does not require users to be programmers.
Why ACL ?
Session G4 Slide # 16
IT Audit Benchmark Study 2009
The Gold Standard in Audit & Compliance Technology
Data Analysis Software
Other: Access, Business Objects, Crystal Reports, IDEA, Showcase, and internally developed software.
Data Extraction Software | Continuous Auditing | Fraud Detection / Investigation
Other: Excel, Idea, In-house, Oracle, PeopleSoft, Proprietary, Showcase Query
Other: Active Data, DCMS, Hyperion, SAP, and SAS.
Other: Access, ActiveData, Crystal Reports, DCMS, DISSCO, Focus, Patriot Officer, PeopleSoft Queries, SAS, Showcase Query, and VIPs.
Why ACL ?
Session G4 Slide # 17
Data Analytics for ….
• Purchase to Payment: Duplicate payments, segregation of duties, requisition & purchasing limits, vendor master, etc.
• Purchasing Card: Invalid employees, duplicate purchasing cards, exceed transaction limit, etc.
• Travel & Entertainment: Transaction limits, split transactions, prohibited merchants, weekend & holiday transactions, etc.
• General Ledger: Validation of trial balance, duplicate journal entries, suspicious journal entries, reversed journal entries, etc.
• Payroll: Invalid/Unauthorized employees, overtime approval, retirement & termination, etc.
• Order to Cash: Prohibited customer, unauthorized discounts, credit limits, missing sales order, etc.
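An added example, not part of the original slides and not ACL script: several of the tests named in the list above (duplicate payments, segregation of duties, transaction limits, split transactions, weekend transactions) written in Python over constructed records. The field names, the 500.00 card limit and every sample row are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import date
from decimal import Decimal

# Assumed per-transaction card limit (not from the slides).
CARD_LIMIT = Decimal("500.00")

# Constructed payment records; field names are assumptions.
PAYMENTS = [
    {"id": "P1", "vendor": "V100", "invoice": "INV-0042", "amount": Decimal("1250.00"),
     "created_by": "asmith", "approved_by": "bjones"},
    {"id": "P2", "vendor": "V100", "invoice": "inv 42", "amount": Decimal("1250.00"),
     "created_by": "asmith", "approved_by": "bjones"},
    {"id": "P3", "vendor": "V200", "invoice": "7781", "amount": Decimal("310.50"),
     "created_by": "cwu", "approved_by": "CWU"},
    {"id": "P4", "vendor": "V300", "invoice": "A-19", "amount": Decimal("90.00"),
     "created_by": "asmith", "approved_by": "bjones"},
]

# Constructed card transactions (2014-03-08 is a Saturday).
CARD_TXNS = [
    {"id": "T1", "employee": "E1", "merchant": "HOTEL X", "date": date(2014, 3, 4),
     "amount": Decimal("300.00")},
    {"id": "T2", "employee": "E1", "merchant": "HOTEL X", "date": date(2014, 3, 4),
     "amount": Decimal("280.00")},
    {"id": "T3", "employee": "E2", "merchant": "CAFE Y", "date": date(2014, 3, 8),
     "amount": Decimal("45.00")},
    {"id": "T4", "employee": "E2", "merchant": "AIRLINE Z", "date": date(2014, 3, 5),
     "amount": Decimal("650.00")},
]


def normalise_invoice(ref):
    """Upper-case, drop punctuation and spaces, strip leading zeros of digit runs,
    so that re-keyed variants of one invoice number compare equal."""
    cleaned = re.sub(r"[^A-Z0-9]", "", ref.upper())
    return re.sub(r"(?<![0-9])0+(?=[0-9])", "", cleaned)


def duplicate_payments(payments):
    """Groups of payment ids sharing vendor, normalised invoice number and amount."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor"], normalise_invoice(p["invoice"]), p["amount"])
        groups[key].append(p["id"])
    return sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)


def sod_violations(payments):
    """Payments created and approved by the same user (segregation of duties)."""
    return [p["id"] for p in payments
            if p["created_by"].lower() == p["approved_by"].lower()]


def over_limit(txns, limit):
    """Single card transactions above the limit."""
    return [t["id"] for t in txns if t["amount"] > limit]


def split_transactions(txns, limit):
    """Same employee, merchant and day: each charge within the limit,
    but the combined total above it."""
    groups = defaultdict(list)
    for t in txns:
        groups[(t["employee"], t["merchant"], t["date"])].append(t)
    flagged = []
    for group in groups.values():
        total = sum(t["amount"] for t in group)
        if len(group) > 1 and total > limit and all(t["amount"] <= limit for t in group):
            flagged.append(sorted(t["id"] for t in group))
    return sorted(flagged)


def weekend_transactions(txns):
    """Card transactions dated on a Saturday or Sunday."""
    return [t["id"] for t in txns if t["date"].weekday() >= 5]


if __name__ == "__main__":
    print("duplicate payments:", duplicate_payments(PAYMENTS))
    print("SoD violations:    ", sod_violations(PAYMENTS))
    print("over card limit:   ", over_limit(CARD_TXNS, CARD_LIMIT))
    print("split transactions:", split_transactions(CARD_TXNS, CARD_LIMIT))
    print("weekend:           ", weekend_transactions(CARD_TXNS))
```

Exceptions from tests like these still need follow-up against source documents; the deck's own warning about data integrity and false positives applies.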
Why ACL ?
Session G4 Slide # 18
TOPICS
YOUR EXPECTATIONS
GOALS & CHALLENGES
WHY ACL?
IMPLEMENTATION OVERVIEW
ACL GRC OVERVIEW
Session G4 Slide # 19
Pre - Implementation
• Quantify the need for the software (scope, size, cost benefit).
• Decisions around platforms, vendors and timing.
• Engage Senior Management for support and sponsorship.
• Establish the framework of business requirements.
• Plan a smooth transition from research, testing to implementation.
IMPLEMENTATION OVERVIEW
Session G4 Slide # 20
[Diagram: The Audit Cycle. Labels: Planning, Document Requests, Data Analysis Tools, Current Working Papers, Document Results, Fieldwork, Review, Reporting, Follow-up, Organize Supporting Evidence, Identify Findings, Review & Sign-off, Track Status, Track Finding Remediation, Roll-forward, Risk Assessment, Audit Plan, Review Notes]
Session G4 Slide # 21
IMPLEMENTATION OVERVIEW
Right Sized Technology Adds More Business Value
Reduces Complexity and Increases Adoption & Usage
CATEGORY FULL WRITE READ
System Administrators
Audit Manager
Auditor
Business Partner / Process Owners : Request List Findings.
Executive Planning Findings
To Do List Results
Requests
External Reviewer: Planning Results
Findings
Flow of Information | Design Access Criteria
IMPLEMENTATION OVERVIEW
Session G4 Slide # 22
Flow of Information | Workpapers
[Diagram: BROOKS workpaper structure. Labels: Overview, Audit Risks, Procedures & Plan, Execute Audit Plan, Processes, Quality, Risks & Controls, Narratives, Walkthrough, Testing, Findings]
Internal Control Audits:
Controls are identified and tested within processes - Identify Risk & Key Controls - Risk Control Matrix SOX, Financial, IT General Controls
Audits:
SOX Classification or Process | Operational
Capital / Fixed Assets | Travel & Entertainment
Financial Reporting / SEC | Excess & Obsolescence
Inventory / PI | FCPA / Compliance
Human Resources and Payroll | Entity Level Control
Purchasing & Payables | ITGC
Revenue & Receivables |
Session G4 Slide # 23
IMPLEMENTATION OVERVIEW
Session G4 Slide # 24
IMPLEMENTATION OVERVIEW
Issues
• Cost / Scope Creep
• Data Mining Knowledge
• IT Support
• Cost / Scope Creep
  - Costs Escalation
  - Services
  - Training
  - Modules
• Limited Data Mining Knowledge
  - IA knowledge and experience with data mining was very limited.
  - Difficult to allocate training time for new software.
• IT Support
  - How do we sustain the system after implementation? Leverage IT, make them a partner.
  - Who owns the system? IT
  - Who are the stakeholders? Finance, Operations, IT
  - Pace of implementation?
Implementation
• Ensure you have effective management of the effort; consider using a Project Manager.
• Conflict Management: Resolve issues, planned and unplanned, as they arise.
• Take the time to adequately manage the….
  i. Project - Data management.
  ii. Timeframe - Change management and training.
  iii. Budget - Watch for Scope Creep.
IMPLEMENTATION OVERVIEW
Session G4 Slide # 25
Pitfalls
• Identify your key business areas that require data analysis and your key audit objectives.
  a) Involve your business partners.
  b) Set up a data warehouse for testing.
• Converting operational audit objectives into information systems objectives.
• Converting application system files to ACL readable format; audit program design specification.
• Detailed audit program design; audit process automation.
• Writing ACL scripts for the audit programs; ACL script testing; script documentation.
  a) Due to the variety of formats and customized audit files, migration of data must be looked at carefully.
  b) Analyzing data using some of the features of CAAT (e.g., stratify, filter, summarize, reports, logs).
  c) Linking data tables - ensure that you have an IT resource to assist you.
  d) Using filters, computed fields, and extractions.
  e) Modification to the infrastructure may lead to data leakages – identify risk zones within each area.
  f) Periodic review of the implemented scripts to assess their ability to meet audit objectives in the light of changes in the operating business environment.
  g) Reformulating audit objectives to address new and emerging business issues.
  h) Identifying the relevant application system files to be used in new batch design.
  i) Developing and testing new scripts, and
  j) Implementation of the latest and current batches.
Planning and Execution Pitfalls to Avoid
IMPLEMENTATION OVERVIEW
Session G4 Slide # 26
Scope Management
1. Develop a scope management plan:
   Effective pre-implementation communication should make the transition a smooth event.
   Ensure stakeholders understand the project vision.
2. Implement change management and stick to it, as many activities will overlap during the testing and implementation processes.
3. Ensure effective implementation management so that movement from one activity to another is well-controlled and anticipated:
   Define requirements, objectives, deliverables – watch for data integrity, false positives.
   Fight the urge to bring in ‘everything’ - Bring in only what you need!
Training
1. Ensure that you understand user training requirements; talk to HR and IT.
2. Develop training plan and strategy.
3. Deliver interactive training; use video etc. and detailed documents (Idiot's Guide).
Transition to Implementation
IMPLEMENTATION OVERVIEW
Session G4 Slide # 27
[Diagram labels: Enterprise Risks, Mitigation Efforts, Objectives, Risk Manager, Project Manager, Beta, Results Manager, Projects, Controls, Data, Tests, Issues]
Map ACL Modules to Processes
Stakeholder Specific Modules.
Authorization Granted based on Need / Security.
IMPLEMENTATION OVERVIEW
Session G4 Slide # 28
Session G4 Slide # 29
IMPLEMENTATION OVERVIEW
Actions
• IT Support
  - IT Participation and involvement.
  - Joint ownership and encourage staff to take responsibility for influencing the change.
  - IT Facilitation and support.
  - Scheduled and automated data extractions at off-peak hours.
• Cost / Scope Creep
  - Negotiation and agreement.
  - Involvement of stakeholders.
  - Tight control of system requirements.
  - Limited Training.
• Data Mining Knowledge
  - Focused on in house training.
  - Pilot demo to ascertain strengths and weaknesses.
• Provides a standardized workflow, ensuring consistency across the team.
• Audits will be centralized, saving time in one easy-to-find place for everyone to access, including external auditors.
• Automatically rolls up time tracked, status and findings, eliminating manual reporting.
• Manages Document Request Lists, tracking all requested items and sending reminders via email to clients or business owners.
• Manages team collaboration. Review notes and comments between staff and reviewer, or between team members when multiple staff are assigned to work the same section or objective.
• Each project captures all system activity and is viewable on the project dashboard. The activity log is viewable in Excel when you backup and download your project.
• Each audit has its own structure, milestones and workflow. Each milestone within each audit has a review and sign-off function. Sign-offs and reviews are tracked.
• Sign-off and reviews can be performed at the section level, or the control level.
Implementation Benefits
30
IMPLEMENTATION OVERVIEW
TOPICS
YOUR EXPECTATIONS
GOALS & CHALLENGES
WHY ACL?
IMPLEMENTATION OVERVIEW
ACL GRC OVERVIEW
Session G4 Slide # 31
Identify and Prioritize your company’s key controls.
Develop a structured way to collect on the impact and effectiveness
Continuous Auditing & Monitoring
No more excuses!
32
33
ACL GRC OVERVIEW
Session G4 Slide #
Access and analyze complete data populations with easy and 100% coverage for superior assurance
Visualize, widely share and act on information uncovered in analysis testing across the business
Automatically distribute exceptions found during data analysis testing to multiple business stakeholders
An add-in for Microsoft Excel® designed for working with data results produced by analytic systems
[Diagram: Enterprise Continuous Monitoring. Labels: Enterprise Data, SQL, HR / Payroll, Workday, ERP, Dashboard, Exceptions, Data Warehouse, Add Ons]
Session B8 Slide #

Super Strategies 2014 ACL Presentation

  • 1. Overcoming Small Department Challenges Session G4 Wednesday, April 30th, 2014 10:45 – 11:45 David Fernandes Implementing ACL - A Strategy For Success
  • 2. ACL Workpapers & GRC Project Case Study Implementing ACL - A Strategy For Success Session G4 Slide # 2
  • 3. TOPICS YOUR EXPECTATIONS GOALS & CHALLENGES ACL WORKPAPERS GRC OVERVIEW ACL RISK OVERVIEW Q&A Implementing ACL - A Strategy For Success Session G4 Slide # 3
  • 4. YOUR EXPECTATIONS How many in Audit Department ? <5 < 10 What are you using now ? Excel / Word / TeamMate What do you want to accomplish with a Workpapers / GRC solution ? When do you want to have a Workpapers / GRC solution in place ? Session G4 Slide # 4 Implementing ACL - A Strategy For Success
  • 5. • Fraud Detection • Segregation of Duties • Automation of Data Mining • Compliance Issues • Regulatory Issues • Commission Payments But wait…there is more …… • Identify fraud, misuse, and errors • Identify compliance issues • Flag exceptions in real time • Automate manual processes for continuous monitoring What issues do you want to solve ?? Session G4 Slide # 5 Implementing ACL - A Strategy For Success
  • 6. TOPICS YOUR EXPECTATIONS GOALS & CHALLENGES ACL WORKPAPERS GRC OVERVIEW ACL RISK OVERVIEW Q&A Session G4 Slide # 6 Implementing ACL - A Strategy For Success
  • 7. Goals - Do More - With Less  Develop a framework for assessing different levels of audit analytic techniques and associated benefits.  Define progressive levels to evolve its use of Data / Business Analytics.  Identify the building blocks: People, Process and Technology that must be in place to optimize benefits.  Understand, plan and communicate design criteria to achieve timely implementation.  Establish a proactive and comprehensive view for effective ERA and ERM. Session G4 Slide # 7 Goals & Challenges
  • 8. Process (columns): Revenue & Receivables | Purchasing & Payables | Inventory | HR & Payroll | Fixed Assets | Financial Close & Reporting | SEC | Equity & Treasury | Taxes | Entity Level Controls | IT General Controls | TOTAL. Location (rows): Chelmsford 16, 8, 17, 10, 12, 15, 7, 15, 18, 32, 17, total 167; Colorado 2, 1, 3, 2, 1, total 9; Petaluma 2, 1, 3, 2, 1, total 9; Jena 9, 7, 11, 5, 11, 2, 3, total 48; Korea 7, 4, 4, 5, 2, 1, total 23; Poway 9, 7, 11, 5, 11, 2, total 45; Manchester 9, 7, 11, 5, 11, 2, 3, total 48; Japan 8, 5, 5, 5, 2, 3, total 28; Taiwan 2, 2, 3, 5, 4, 2, total 18; TOTAL 64, 42, 68, 44, 47, 29, 7, 27, 18, 32, 17, total 395. Session G4 Slide # 8 Goals & Challenges
  • 9. BLSS - Manchester Revenue - 2013 SOX CYCLE CONTROLS. Columns: Section | Control Objective | 2013 Control Activity | Control Owner | Control Frequency | Control Type | Manual / System | Population Sample / Ratio | Test Reference Tab # Name | Rollforward Test Status.
    Row 1: New Customers | Authorization is required prior to setting up or modifying customer account within the ERP system. | R&R CA 01 A- All new customer accounts must be approved for credit & have an account set up in system before any work commences or shipments are made. B- The AR department assesses customer credit worthiness for new & existing customers at time of PO receipt / acceptance. Credit personnel perform the initial assessment, but obtain the applicable approvals based upon the Credit Limit Matrix. Additionally, credit personnel may solicit input from Manager of Credit & Collections and/or Corporate Controller in assessing credit worthiness. | Stephen Hurst | Daily | Detective | Manual | 0 | R&R CA 01 | N/A
    Row 2: Customer Purchase Order | Customer Purchase Order (CPO) and verified, validated, reviewed and approved. | R&R CA 02 Upon receipt of a customer purchase order (CPO), order administration shall match the CPO to the approved quotation or sales proposal, and shall verify that all elements including terms and conditions and line item detail on the CPO match the associated quotation, proposal, or sales contract. | Stephen Hurst | Daily | Detective | Manual | 30 of 72 / 42% / $900k of $3.7M / 24% | R&R CA 02 | Ineffective
    Row 3: Invoicing | Invoices for orders which do/not require physical shipment are reviewed for period revenue recognition. | R&R CA 03 a. Invoices should provide a reference to the customer purchase order or contract to which it references… b. Invoices should only be posted for hardware that is shipped and services that have been provided (unless other invoicing arrangements are agreed to with the customer and a process to ensure deferral of un-earned revenue is implemented) | Stephen Hurst | Daily | Detective | Manual | 6.095m of 6.861m / 89% / 25 of 47 / 53% | R&R CA 03 | Effective
    Session G4 Slide # 9 Goals & Challenges
  • 10. Internal Audit Report BLSS Manchester, UK Field Work Dates September 30th – November 29th Final Report Date: December 2nd Table of Contents: Audit Key Steps; Executive Summary; Appendix I – Summary of Key Controls by Process; Appendix II – Deficiencies; Appendix III – SOX Enterprise Scoping; Appendix IV – Background; Appendix V – Organization Charts; Appendix VI – Distribution. The team responsible for this audit, comprised of David Fernandes and Alex Byrne, would like to thank those individuals who contributed to this project, and particularly, employees who provided insights and comments as part of this audit. Privileged and Confidential Session G4 Slide # 10 Goals & Challenges Very little time to complete report
  • 11. Challenges • Building blocks of processes, roles and technologies were not properly established. • Management does not fully understand or accept their critical role and responsibilities. • Risks that the project will not achieve the desired outcomes. • Business owners fail to see the value of the process and terminate the audit program. • Understanding what data is required to support a specific test and • Obtaining a complete and controlled population of that data. Decision Making & Communication Data Analysis tools represent tremendous change for an organization: • Could be a very significant change for your team. • Effective communication of your vision for the change – and how it will impact the entire organization – is essential. Be sure to include: • the right people, • the right time, • the right levels. Session G4 Slide # 11 Goals & Challenges
  • 12. Optimized Controls Opportunities to improve and automate controls for continuous monitoring Session G4 Slide # 12 Goals & Challenges
  • 13. Design a Sustainable Controls Framework • Senior Management view controls as a necessary nuisance, making it difficult for CFOs / VP Finance or Compliance Officers and their teams to demonstrate how controls can add value to the business. • Businesses typically agree with the accounting group about “why” controls are necessary, but disagree about “how” to best implement them. • Large company control frameworks usually improve on a linear scale, but business complexity at small to midsized companies often increases exponentially. Leverage Experience. Update Frequently. Engage Business Leaders. Pair finance leaders with business leaders to ensure sufficient knowledge of the business and the risk environment. Articulate the benefits of increased assurance to persuade business leaders to participate in controls updates. Revisit the framework at least twice a year (Interim & Roll Forward) or during periods of significant business change. Session G4 Slide # 13 Goals & Challenges
  • 14. TOPICS YOUR EXPECTATIONS GOALS & CHALLENGES WHY ACL? IMPLEMENTATION OVERVIEW ACL GRC OVERVIEW Implementing ACL - A Strategy For Success Session G4 Slide # 14
  • 16. • is purpose built for data analytics with proven experience. • can analyze 100% of the available data no matter how much. • is read only ensuring data integrity and security. • can read all data types no matter the source. • has a log file that records every step. • does not require users to be programmers. Why ACL ? Session G4 Slide # 16
  • 17. IT Audit Benchmark Study 2009 The Gold Standard in Audit & Compliance Technology Data Analysis Software Other: Access, Business Objects, Crystal Reports, IDEA, Showcase, and internally developed software. Data Extraction Software Continuous Auditing Fraud Detection / Investigation Other: Excel, Idea, In-house, Oracle, PeopleSoft, Proprietary, Showcase Query Other: Active Data, DCMS, Hyperion, SAP, and SAS. Other: Access, ActiveData, Crystal Reports, DCMS, DISSCO, Focus, Patriot Officer, PeopleSoft Queries, SAS, Showcase Query, and VIPs. Why ACL ? Session G4 Slide # 17
  • 18. Data Analytics for …. • Purchase to Payment: Duplicate payments, segregation of duties, requisition & purchasing limits, vendor master, etc. • Purchasing Card: Invalid employees, duplicate purchasing cards, exceed transaction limit, etc. • Travel & Entertainment: Transaction limits, split transactions, prohibited merchants, weekend & holiday transactions, etc. • General Ledger: Validation of trial balance, duplicate journal entries, suspicious journal entries, reversed journal entries, etc. • Payroll: Invalid/Unauthorized employees, overtime approval, retirement & termination, etc. • Order to Cash: Prohibited customer, unauthorized discounts, credit limits, missing sales order, etc. Why ACL ? Session G4 Slide # 18
  • 19. TOPICS YOUR EXPECTATIONS GOALS & CHALLENGES WHY ACL? IMPLEMENTATION OVERVIEW ACL GRC OVERVIEW Implementing ACL - A Strategy For Success Session G4 Slide # 19
  • 20. Pre - Implementation • Quantify the need for the software (scope, size, cost benefit). • Decisions around platforms, vendors and timing. • Engage Senior Management for support and sponsorship. • Establish the framework of business requirements. • Plan a smooth transition from research, testing to implementation. IMPLEMENTATION OVERVIEW Session G4 Slide # 20
  • 21. Planning Document Requests Data Analysis Tools Current Working Papers Document Results Fieldwork The Audit Cycle Review Reporting Follow-up Organize Supporting Evidence Identify Findings Review & Sign-off Track Status Track Finding Remediation Roll-forward Risk Assessment Audit Plan Review Notes Session G4 Slide # 21 IMPLEMENTATION OVERVIEW
  • 22. Right Sized Technology Adds More Business Value Reduces Complexity and Increases Adoption & Usage CATEGORY FULL WRITE READ System Administrators Audit Manager Auditor Business Partner / Process Owners: Request List Findings. Executive Planning Findings To Do List Results Requests External Reviewer: Planning Results Findings. Flow of Information | Design Access Criteria IMPLEMENTATION OVERVIEW Session G4 Slide # 22
  • 23. Flow of Information | Workpapers BROOKS Findings Processes Quality Narratives Risks & Controls Narratives Walkthrough Walkthrough Walkthrough Testing Testing Testing Findings Findings Findings Narratives Narratives Narratives Overview Audit Risks Procedures & Plan Narratives Walkthrough Walkthrough Execute Audit Plan Findings Findings Findings Internal Control Audits: Controls are identified and tested within processes - Identify Risk & Key Controls - Risk Control Matrix SOX, Financial, IT General Controls Audits: SOX Classification or Process Operational Capital / Fixed Assets Travel & Entertainment Financial Reporting / SEC Excess & Obsolescence Inventory / PI FCPA / Compliance Human Resources and Payroll Entity Level Control Purchasing & Payables ITGC Revenue & Receivables Session G4 Slide # 23 IMPLEMENTATION OVERVIEW
  • 24. Session G4 Slide # 24 IMPLEMENTATION OVERVIEW Issues • Cost / Scope Creep • Data Mining Knowledge • IT Support • Cost / Scope Creep - Costs Escalation - Services Training - Modules • Limited Data Mining Knowledge - IA knowledge and experience with data mining was very limited. - Difficult to allocate training time for new software. • IT Support - How do we sustain the system after implementation? Leverage IT, make them a partner. - Who owns the system? IT - Who are the stakeholders? Finance, Operations, IT - Pace of implementation?
  • 25. Implementation • Ensure you have effective management of the effort, consider using a Project Manager • Conflict Management: Resolve issues – planned and unplanned as they arise. • Take the time to adequately manage the…. i. Project - Data management. ii. Timeframe - Change management and training. iii. Budget – Watch for Scope Creep. IMPLEMENTATION OVERVIEW Session G4 Slide # 25
  • 26. Pitfalls • Identify your key business areas that require data analysis and your key audit objectives. a) Involve your business partners. b) Set up a data warehouse for testing. • Converting operational audit objectives into information systems objectives. • Converting application system files to ACL readable format Audit program design specification. • Detailed Audit program design Audit process automation. • Writing ACL Scripts for the audit programs ACL Scripts testing Script documentation. a) Due to the variety of formats and customized audit files, migration of data must be looked at carefully. b) Analyzing data using some of the features of CAAT (e.g., stratify, filter, summarize, reports, logs). c) Linking data tables - ensure that you have an IT resource to assist you. d) Using filters, computed fields, and extractions. e) Modification to the infrastructure may lead to data leakages – identify risk zones within each area. f) Periodic review of the implemented scripts to assess their ability to meet audit objectives in the light of changes in the operating business environment. g) Reformulating audit objectives to address new and emerging business issues. h) Identifying the relevant application system files to be used in new batch design. i) Developing and testing new scripts, and j) Implementation of the latest and current batches. Planning and Execution Pitfalls to Avoid IMPLEMENTATION OVERVIEW Session G4 Slide # 26
  • 27. Scope Management 1. Develop a scope management plan: Effective pre-implementation communication should make the transition a smooth event. Ensure stakeholders understand the project vision. 2. Implement change management and stick to it, as many activities will overlap during the testing and implementation processes. 3. Ensure effective implementation management so that movement from one activity to another is well-controlled and anticipated: Define requirements, objectives, deliverables – watch for data integrity, false positives. Fight the urge to bring in ‘everything’ - Bring in only what you need! Training 1. Ensure that you understand user training requirements, talk to HR and IT. 2. Develop training plan and strategy. 3. Deliver interactive training, use video etc. and detailed documents. Idiots Guide Transition to Implementation IMPLEMENTATION OVERVIEW Session G4 Slide # 27
  • 28. Enterprise Risks Mitigation Efforts Objectives Risk Manager Project Manager Beta Results Manager Projects Controls Data Tests Issues Map ACL Modules to Processes Stakeholder Specific Modules. Authorization Granted based on Need / Security. IMPLEMENTATION OVERVIEW Session G4 Slide # 28
  • 29. Session G4 Slide # 29 IMPLEMENTATION OVERVIEW Actions • IT Support - IT Participation and involvement. - Joint ownership and encourage staff to take responsibility for influencing the change. - IT Facilitation and support. Scheduled and automated data extractions at off-peak hours. • Cost / Scope Creep - Negotiation and agreement. - Involvement of stakeholders. - Tight control of system requirements. - Limited Training. • Data Mining Knowledge - Focused on in house training. - Pilot demo to ascertain strengths and weaknesses.
  • 30. • Provides a standardized workflow, ensuring consistency across the team. • Audits will be centralized, saving time in one easy-to-find place for everyone to access, including external auditors. • Automatically rolls up time tracked, status and findings, eliminating manual reporting. • Manage Document Request Lists, tracking all requested items and sending reminders via email to clients or business owners. • Manages team collaboration. Review notes and comments between staff and reviewer, or between team members when multiple staff are assigned to work the same section or objective. • Each project captures all system activity and is viewable on the project dashboard. The activity log is viewable in Excel when you back up and download your project. • Each audit has its own structure, milestones and workflow. Each milestone within each audit has a review and sign-off function. Sign-offs and reviews are tracked. • Sign-off and reviews can be performed at the section level, or the control level. Implementation Benefits 30 IMPLEMENTATION OVERVIEW
  • 31. TOPICS YOUR EXPECTATIONS GOALS & CHALLENGES WHY ACL? IMPLEMENTATION OVERVIEW ACL GRC OVERVIEW Implementing ACL - A Strategy For Success Session G4 Slide # 31
  • 32. Identify and Prioritize your company’s key controls. Develop a structured way to collect on the impact and effectiveness Continuous Auditing & Monitoring No more excuses! 32
  • 34. Access and analyze complete data populations with easy and 100% coverage for superior assurance Visualize, widely share and act on information uncovered in analysis testing across the business Automatically distribute exceptions found during data analysis testing to multiple business stakeholders An add-in for Microsoft Excel® designed for working with data results produced by analytic systems Enterprise Continuous Monitoring Enterprise Data SQL HR / Payroll Workday ERP Dashboard Exceptions Data Warehouse Add Ons Session B8 Slide #

Editor's Notes

  1. MIS Training Institute Section # - Page 1 XXXXXX XXX ©
  2. Play 1. Dilbert The Importance of Strategies Video
  3. Introduce an example of SOX compliance. PLAY 2. Dilbert Career Options, Leadership and Imaginary Things, More with Less and Wellness Factor
  4. Set parameters is very difficult…. Need IT support and clear vision on what control to monitor and how you will do so…
  5. Let's look at 3 areas required to implement Sustainable Controls Framework
  6. Let’s look at the most recent IT Audit Benchmarking Study (2009) published by The IIA Research Foundation’s Global Audit Information Network. This represents feedback from leading internal audit departments globally. You can see the commanding lead we have in the area of Data Analysis software…over 3 ½ times the share of our nearest competitor. And this chart shows an even stronger position in Data Extraction Software, with an 8 fold lead over our next competitor. Here we look at shares for Fraud detection and investigation. Our lead grows to 10:1 in this area. And finally, let’s look at the emerging need for Continuous Auditing. ACL is the primary solution used by 65% of respondents. So clearly, our market penetration reflects our focus on this market…we understand your needs and the demands that you face.
  7. ACL analytics can be applied across multiple key business processes. Some examples of areas of investigation for each area include…
  8. During the course of conducting and documenting audits, users can assign tasks & request items from users, export comprehensive documentation, upload any related files & documentation, track time, and a lot more in addition to what you see on this slide.
  9. PLAY 3. Dilbert Unpleasant Realization and Steaming Pile of Failure 33 seconds
  10. CHAD- Just an overview of what to expect in the demo. Chad, we should be close to around 11:15 by now. If not, adjust pace accordingly