SlideShare a Scribd company logo
The Next Gen Auditor
CA Bharath Rao
ACA, CISA, CEH, CHFI, BCOM
1
Outline
2
Disruptions Technology
Way forward Risks
Disruptions
Expanding
business using
Technologies
3
Technological
disruptions
resulting in a
Bang!!
• Analytics
• Big Data
• Machine Learning
• Artificial Intelligence
• Blockchain
• Crypto currencies
• Distributed Ledger
Systems
• Privacy
• General Data Protection
Regulation
• Indian Data Privacy Bill
• Robotics Process
Automation
4
Analytics
Data is
everywhere
Data can be
collected and
leveraged
Better Analysis
leads to right
decision making
Right decision
making leads to
higher
profitability
Question is How to
identify? How to Analyze?
What decisions can be
made?
5
Analytics - Technologies
• Big Data Analytics
• Reporting Analytics
• Predictive Analytics
• Data Mining
• Machine Learning
• Supervised and Unsupervised Learning
• Deep Learning
• Artificial Intelligence
• Are we ready for this?
6
Analytics - Fields
Big Data Analytics
Reporting Analytics
• Summarizing Large
Datasets (Dashboards)
Predictive Analytics
• Using existing data for
predicting consumer
behaviour
Data Mining
• Effectively seeking data
from sources
Machine Learning
Supervised and
Unsupervised Learning
• Identify and learn
patterns to achieve an
outcome as per the
objective defined
Deep Learning
• Presence of multiple
layers of data
transformation while
machine learning
Artificial Intelligence
Intelligence demonstrated
by computers in contrast
with natural intelligence
of Humans
Are we ready for this?
7
Analytics Process
• Discovery
• Interpretation
• Communication
• Decision Making
• Large datasets
• Complex factors
• Quick turnaround
• Effective decisions
• Identify Sources
• Mining & Cleansing
• Standardization
• Statistical Methods
HIGHLY USED BY
BUSINESSES!!!
8
Analytics used by Business Issues faced by Auditors
Steps to be followed
Statistical
Theories
used for
Predictive
Analytics
Logistic
Regression
Linear
Regression
Moments
Skewness Kurtosis
Theoretical
Distributions
Testing of
Hypothesis
Correlation
Statistical
Dispersion
Pareto
Analysis
Benford’s Law
of Numbers
Beneish M
Score
9
Areas of Analytics – by
businesses
Demand Forecasting and
Planning with Predictive
Analytics
Consumer Behavior and
passive feedback
Market penetration
Revenue and cost
monitoring and
visualization dashboards
Controls and Risk
Exposure Monitoring and
visualization dashboards
Fraud detection during
insurance, warranty
10
Analytics – Risks
Reports generated are not as
per the defined logic or has
used incorrect input
parameters or data is being
modified during processing
(IPE Risk)
Potential violation of Data
Localization and Privacy laws
where sensitive information is
being processed
Extreme scenarios may not
be covered and processed by
analytics tools
Inaccurate or incomplete
patterns configured within
the analytics module leading
to high false positives
Areas of Analytics – for
Auditor
Identification of
Vendor Collusion
Predictive Analytics
for determining the
chances of a bad
debt
Process Mining and
identification of
process weakness
Compliance
Management
Automation of
Internal Controls
Travel and Expense
Claims frauds
Identification of
gaps and weakness
in Material
Management
12
Areas of Analytics – for
Auditor
Identification of
anomalies in
financial
statements
Determination of
effective point of
Revenue
Recognition
Expense Analytics
and determination
of provisioning
Identification of
Fraud for
promotional items
Performance
Evaluation against
budgeted funds
and time
Three way match
and Payment
Analytics
13
Data Patterns Models
Block Chain
Blockchain
• A blockchain is a growing list of records called blocks
which are linked using cryptography
• an open, distributed ledger that can record
transactions between two parties efficiently and in a
verifiable and permanent way, hence it is not alterable
• Blockchain keeps a record of all data exchange
15
Decentralized Distributed Open Ledger
How does cryptocurrency work?
https://www.weforum.org/agenda/2016/06/blockchain-
explained-simply/
Blockchain Use cases
• Inter-organizational data management
• smart contracting – P2P Process
• streamlining of clearing and settlements
• automating regulatory compliance (AML)
• Cryptocurrencies
• Bitcoin
• Ethereum etc.
• Digital identity
• https://igniteoutsourcing.com/blockchain/blockchain-
use-cases-by-industry/
17
Blockchain Use cases
18
Organizational
Level
WIP Management
Accountability in
Quality Control
Project Scheduling
Process Control
Regulatory
Compliance
Banking
Investment
Credit Services
Government
Services
Taxes
Voting Records
Military Records
Government Pension
Records
Government
Healthcare Records
Welfare Records
Enforcement of
Legal Agreements
Rental Contracts
Investment Contracts
(Futures and Options)
Powers of Attorney
Sales Contracts
Blockchain
Risks
• Security vulnerabilities at the terminals
• Public and Private Key security
• Risk of impersonation of transactions
• Risks at vendors
• Lack of testing of the network on a large
scale
• Lack of regulation and standards
• Lack of testing of code
19
Auditing
the
chain
20
Scope?
Risks?
Approach?
Procedures?
Auditing the chain
21
IT General Controls
• Review of adequate code
testing performed
• Review of process to include a
new member as a part of the
network
• Review of terminal and
network security protocols
• Review of Public Key
Infrastructure Management
• Review of Audit Logging
functionalities
Application Controls
• Review of Functionalities to
ensure all business scenarios
are covered
• Review of validation controls
during data input,
processing, storage and
output
• Controls Checks of
transactions based on
validation of HASH Values
generated (Completeness and
Accuracy)
Privacy
22
Privacy and Confidentiality
• Any information relating to a person who can be
identified, directly or indirectly, in particular by
reference to an identifier such as a name,
identification, location data, online identifier or to
one or more factors specific to physical,
physiological, genetic, mental, economic, cultural
or social identity of that person
• Sensitive Information
• PII – Personally Identifiable Information
• Name, Address, Email, Phone, Health Records, Social
Media Profiles etc.
23
Privacy – Users and
Profiling
24
Data
controllers/fid
uciary
Owners of data
Responsible of data
security
Ensures compliance
of data processors
Data
processors
Work with the data
on the instruction
of controllers
Data
protection
officers
Public authorities,
large scale
processing of
special types of
personal data
Profiling
Any automated
processing of
personal data to
determine certain
criteria about a
person
GDPR and Indian Data
Protection Bill
25
GDPR
Applicable to data pertaining to
citizens/residents of the EU
Applicable to entities incorporated
across EU or doing business in EU
Applicable to entities outside of EU
involving in direct or indirect
processing/use of Data
Indian Data Protection Bill
Natural persons
Entities incorporated within India and
processing personal data of Indian
residents and citizens and
Foreign entities conducting business in
India and processing personal
information of Indian residents and
citizens
Privacy Concepts
26
ACQUIRING
CONSENT FREELY
(NOT IMPLIED) FOR
SPECIFIC PURPOSE
RIGHT TO
WITHDRAW
CONSENT AND
PERMANENTLY
DELETE
INFORMATION
MANDATORY
BREACH
NOTIFICATION
PRIVACY BY DESIGN
INTO THE
DEVELOPMENT OF
BUSINESS
PROCESSES AND
NEW SYSTEMS
Privacy
Risks
27
Regulatory Non
Compliance
Data Leak of
confidential and
sensitive information
Misuse of information
and unauthorized
transfer of
information to other
data
processors/buyers
Use of information for
purposes other than
for which consent was
provided for
Auditors Procedures
28
Compliance of SA 250 on entities
having business connections in the
EU
The auditor shall perform procedures to help
identify instances of non compliance with other
laws and regulations that may have material
effect on the financial statements
• Inquiring of management, TCWG as to
whether the entity is in compliance with such
laws and regulations and;
• Inspecting correspondences
• Obtain written representations
Conduct a privacy impact assessment
to determine exposure
Maintain a workpaper documenting the audit
procedures executed, evidences gathered to
demonstrate that the GDPR and other privacy
laws has been complied by the entity
Perform a PIA to identify applications, databases
hosting personal information
Consider the participation of IoT during business
processes and the data collection sources
Inspect the management action plan and ensure
timely completion of the activities
Robotic Process
Automation
RPA use cases
30
Software robots or AI
workers are configured to
emulate and integrate the
actions of a human
interacting within
applications to execute
business processes
Applied where high
volume of routine and
labor intensive activities
performed on a daily basis
Use cases –
Vendor and Customer MDM
Price Analysis and Market
Intelligence
Contract Terms during IR
process
3 way matching
Support during FSCP process
Data Extractions and Analysis
Reconciliation processes
RPA Risks
• Risk of missing scenarios during simulation
• Processes are not mapped correctly
• Human safeguards may be removed
• Incorrect data processing may go unnoticed
due to incorrectly designed bot
• Potential breach in controls going unnoticed
31
Auditors responsibilities
32
Evaluate the flowcharts
and data flow diagrams of
the bots
Evaluate the scenarios
covered by the BOTs
Evaluate the design of the
process (Design
Effectiveness testing)
Evaluate a walkthrough of
the workflows covering
scenarios and ensure that
the risks are covered
Evaluate if the BOTs have
suffered downtime and
appropriate human
intervention was provided
in a timely manner
Evaluate if sensitive
information is used during
data processing and the
safeguards are present
and operating effectively
Other Technologies and
considerations
33
Internet of things
Devices capable to connect and
exchange information
Privacy and Security risks?
Cybersecurity
Protection of IT and Network
Infrastructure
Cloud Computing considerations
Failsafe mechanisms
Key Takeaways
34
IT risks and risks emerging from technologies are having material impact
on financials
Technologies are evolving and implemented at a faster pace
Consideration of data and service
security (CIA Triad)
Confidentiality
Integrity
Availability
Newer forms of controls and higher level of automation
Increasing forms of privacy and InfoSec risks
Taking the extra mile
35
Update on the newer
technologies and risks
and controls
Increase risk
assessments on ICFR
Risks, IT, Cybersecurity
and Privacy Risks
Risk Based Audit
Approach and placing
reliance on ITGC
controls
Moving from test
check to analytics
Leveraging
technology in
executing our audit
procedures
THANK YOU
36
The presentation and information contained therein are intended for educational purposes only and do not replace independent professional judgement.
Statements, views, thoughts, and opinions expressed in the presentation belong solely to the presenter, and not necessarily to any entity with the presenter is
associated with. The information contained in this presentation is of a general nature and is not intended to address the circumstances of any particular individual
or entity. The presenter disclaims any liability to any person or entity in respect of anything as the technical contents. One should act on information only after
seeking professional advice and after a thorough examination of facts of the particular situation.
CA Bharath Rao
www.bharathraob.com
mailme@bharathraob.com
+91 88922 29220

More Related Content

What's hot

Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Perficient, Inc.
 
Analytics & Data Strategy 101 by Deko Dimeski
Analytics & Data Strategy 101 by Deko DimeskiAnalytics & Data Strategy 101 by Deko Dimeski
Analytics & Data Strategy 101 by Deko Dimeski
Deko Dimeski
 
Targeted Analytics: Using Core Measures to Jump-Start Enterprise Analytics
Targeted Analytics: Using Core Measures to Jump-Start Enterprise AnalyticsTargeted Analytics: Using Core Measures to Jump-Start Enterprise Analytics
Targeted Analytics: Using Core Measures to Jump-Start Enterprise Analytics
Perficient, Inc.
 
Achieving Digital Transformation in Regulatory
Achieving Digital Transformation in RegulatoryAchieving Digital Transformation in Regulatory
Achieving Digital Transformation in Regulatory
Cary Smithson
 
Austin Tech Introduction Deliver Business Value With It Service Management ...
Austin Tech Introduction   Deliver Business Value With It Service Management ...Austin Tech Introduction   Deliver Business Value With It Service Management ...
Austin Tech Introduction Deliver Business Value With It Service Management ...
itilsme
 
Business Analytics
Business AnalyticsBusiness Analytics
Business Analytics
Jignesh Kariya
 
Ict Vision And Strategy Development
Ict Vision And Strategy DevelopmentIct Vision And Strategy Development
Ict Vision And Strategy Development
Alan McSweeney
 
Navigate the Financial Crime Landscape with a Vendor Management Program
Navigate the Financial Crime Landscape with a Vendor Management ProgramNavigate the Financial Crime Landscape with a Vendor Management Program
Navigate the Financial Crime Landscape with a Vendor Management Program
Perficient, Inc.
 
Expanding Trust in Data
Expanding Trust in DataExpanding Trust in Data
Expanding Trust in Data
Precisely
 
Rahat Yasir: Enterprise Data & AI Strategy & Platform Designing
Rahat Yasir: Enterprise Data & AI Strategy & Platform DesigningRahat Yasir: Enterprise Data & AI Strategy & Platform Designing
Rahat Yasir: Enterprise Data & AI Strategy & Platform Designing
Lviv Startup Club
 
Business analytics workshop presentation final
Business analytics workshop presentation   finalBusiness analytics workshop presentation   final
Business analytics workshop presentation final
Brian Beveridge
 
1.0 how to empower audit through data analytics for icai kolkata
1.0 how to empower audit through data analytics for icai kolkata1.0 how to empower audit through data analytics for icai kolkata
1.0 how to empower audit through data analytics for icai kolkata
eirc_icai
 
Webinar the rise of nearshore outsourcing after covid 8 7-2020
Webinar the rise of nearshore outsourcing after covid 8 7-2020Webinar the rise of nearshore outsourcing after covid 8 7-2020
Webinar the rise of nearshore outsourcing after covid 8 7-2020
Auxis Consulting & Outsourcing
 
ICD-10: Short-Term Challenges and Long-Term Gains
ICD-10: Short-Term Challenges and Long-Term GainsICD-10: Short-Term Challenges and Long-Term Gains
ICD-10: Short-Term Challenges and Long-Term Gains
Perficient, Inc.
 
IBM Software Capabilities
IBM Software CapabilitiesIBM Software Capabilities
IBM Software Capabilities
None
 
Process centric approach to RPA
Process centric approach to RPAProcess centric approach to RPA
Process centric approach to RPA
Kishore Kandru
 
Improve Efficiency, Compliance and Productivity Through Finance Transformatio...
Improve Efficiency, Compliance and Productivity Through Finance Transformatio...Improve Efficiency, Compliance and Productivity Through Finance Transformatio...
Improve Efficiency, Compliance and Productivity Through Finance Transformatio...
Perficient, Inc.
 
Pwc , 10BM60035, summer internship
Pwc , 10BM60035, summer internshipPwc , 10BM60035, summer internship
Pwc , 10BM60035, summer internship
Kanika Garg
 
Emagia Master Class 3 | Integrated Order-to-Cash (OTC) Transformation for Glo...
Emagia Master Class 3 | Integrated Order-to-Cash (OTC) Transformation for Glo...Emagia Master Class 3 | Integrated Order-to-Cash (OTC) Transformation for Glo...
Emagia Master Class 3 | Integrated Order-to-Cash (OTC) Transformation for Glo...
emagia
 
Business Analytics Overview
Business Analytics OverviewBusiness Analytics Overview
Business Analytics Overview
Dr Susan Entwisle
 

What's hot (20)

Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
 
Analytics & Data Strategy 101 by Deko Dimeski
Analytics & Data Strategy 101 by Deko DimeskiAnalytics & Data Strategy 101 by Deko Dimeski
Analytics & Data Strategy 101 by Deko Dimeski
 
Targeted Analytics: Using Core Measures to Jump-Start Enterprise Analytics
Targeted Analytics: Using Core Measures to Jump-Start Enterprise AnalyticsTargeted Analytics: Using Core Measures to Jump-Start Enterprise Analytics
Targeted Analytics: Using Core Measures to Jump-Start Enterprise Analytics
 
Achieving Digital Transformation in Regulatory
Achieving Digital Transformation in RegulatoryAchieving Digital Transformation in Regulatory
Achieving Digital Transformation in Regulatory
 
Austin Tech Introduction Deliver Business Value With It Service Management ...
Austin Tech Introduction   Deliver Business Value With It Service Management ...Austin Tech Introduction   Deliver Business Value With It Service Management ...
Austin Tech Introduction Deliver Business Value With It Service Management ...
 
Business Analytics
Business AnalyticsBusiness Analytics
Business Analytics
 
Ict Vision And Strategy Development
Ict Vision And Strategy DevelopmentIct Vision And Strategy Development
Ict Vision And Strategy Development
 
Navigate the Financial Crime Landscape with a Vendor Management Program
Navigate the Financial Crime Landscape with a Vendor Management ProgramNavigate the Financial Crime Landscape with a Vendor Management Program
Navigate the Financial Crime Landscape with a Vendor Management Program
 
Expanding Trust in Data
Expanding Trust in DataExpanding Trust in Data
Expanding Trust in Data
 
Rahat Yasir: Enterprise Data & AI Strategy & Platform Designing
Rahat Yasir: Enterprise Data & AI Strategy & Platform DesigningRahat Yasir: Enterprise Data & AI Strategy & Platform Designing
Rahat Yasir: Enterprise Data & AI Strategy & Platform Designing
 
Business analytics workshop presentation final
Business analytics workshop presentation   finalBusiness analytics workshop presentation   final
Business analytics workshop presentation final
 
1.0 how to empower audit through data analytics for icai kolkata
1.0 how to empower audit through data analytics for icai kolkata1.0 how to empower audit through data analytics for icai kolkata
1.0 how to empower audit through data analytics for icai kolkata
 
Webinar the rise of nearshore outsourcing after covid 8 7-2020
Webinar the rise of nearshore outsourcing after covid 8 7-2020Webinar the rise of nearshore outsourcing after covid 8 7-2020
Webinar the rise of nearshore outsourcing after covid 8 7-2020
 
ICD-10: Short-Term Challenges and Long-Term Gains
ICD-10: Short-Term Challenges and Long-Term GainsICD-10: Short-Term Challenges and Long-Term Gains
ICD-10: Short-Term Challenges and Long-Term Gains
 
IBM Software Capabilities
IBM Software CapabilitiesIBM Software Capabilities
IBM Software Capabilities
 
Process centric approach to RPA
Process centric approach to RPAProcess centric approach to RPA
Process centric approach to RPA
 
Improve Efficiency, Compliance and Productivity Through Finance Transformatio...
Improve Efficiency, Compliance and Productivity Through Finance Transformatio...Improve Efficiency, Compliance and Productivity Through Finance Transformatio...
Improve Efficiency, Compliance and Productivity Through Finance Transformatio...
 
Pwc , 10BM60035, summer internship
Pwc , 10BM60035, summer internshipPwc , 10BM60035, summer internship
Pwc , 10BM60035, summer internship
 
Emagia Master Class 3 | Integrated Order-to-Cash (OTC) Transformation for Glo...
Emagia Master Class 3 | Integrated Order-to-Cash (OTC) Transformation for Glo...Emagia Master Class 3 | Integrated Order-to-Cash (OTC) Transformation for Glo...
Emagia Master Class 3 | Integrated Order-to-Cash (OTC) Transformation for Glo...
 
Business Analytics Overview
Business Analytics OverviewBusiness Analytics Overview
Business Analytics Overview
 

Similar to The Next Gen Auditor - Auditing through technological disruptions

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
ZoneFox
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
GDPR | Cyber security process resilience
GDPR | Cyber security process resilienceGDPR | Cyber security process resilience
GDPR | Cyber security process resilience
Rishi Kant
 
Finding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA ComplianceFinding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA Compliance
Precisely
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
Ros Dina
 
Regulatory Intelligence
Regulatory IntelligenceRegulatory Intelligence
Regulatory Intelligence
Armin Torres
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout Plan
Mediacurrent
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptx
JoshJaro
 
it grc
it grc it grc
it grc
9535814851
 
Fraud detection analysis
Fraud detection analysis Fraud detection analysis
Fraud detection analysis
SAI MANIKANTA MANASANI
 
Data Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringData Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and Monitoring
Jim Kaplan CIA CFE
 
Unified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge GraphUnified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge Graph
Vaticle
 
Drive Smarter Decisions with Big Data Using Complex Event Processing
Drive Smarter Decisions with Big Data Using Complex Event ProcessingDrive Smarter Decisions with Big Data Using Complex Event Processing
Drive Smarter Decisions with Big Data Using Complex Event Processing
Perficient, Inc.
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
Adrian Dumitrescu
 
Smart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesSmart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and Strategies
Kavitha Gupta, CIPP-Asia
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
Precisely
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
TrustArc
 
Data driven approach to KYC
Data driven approach to KYCData driven approach to KYC
Data driven approach to KYC
Pankaj Baid
 
CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)
rkhasua004
 

Similar to The Next Gen Auditor - Auditing through technological disruptions (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
GDPR | Cyber security process resilience
GDPR | Cyber security process resilienceGDPR | Cyber security process resilience
GDPR | Cyber security process resilience
 
Finding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA ComplianceFinding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA Compliance
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 
Regulatory Intelligence
Regulatory IntelligenceRegulatory Intelligence
Regulatory Intelligence
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout Plan
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptx
 
it grc
it grc it grc
it grc
 
Fraud detection analysis
Fraud detection analysis Fraud detection analysis
Fraud detection analysis
 
Data Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringData Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and Monitoring
 
Unified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge GraphUnified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge Graph
 
Drive Smarter Decisions with Big Data Using Complex Event Processing
Drive Smarter Decisions with Big Data Using Complex Event ProcessingDrive Smarter Decisions with Big Data Using Complex Event Processing
Drive Smarter Decisions with Big Data Using Complex Event Processing
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
Smart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesSmart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and Strategies
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
Data driven approach to KYC
Data driven approach to KYCData driven approach to KYC
Data driven approach to KYC
 
CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)CAAT ppt.pptx (Computer Asstt. Technique)
CAAT ppt.pptx (Computer Asstt. Technique)
 

More from Bharath Rao

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
Bharath Rao
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Bharath Rao
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
Bharath Rao
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
Bharath Rao
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
Bharath Rao
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
Bharath Rao
 
Forex markets
Forex marketsForex markets
Forex markets
Bharath Rao
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
Bharath Rao
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
Bharath Rao
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
Bharath Rao
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA Profession
Bharath Rao
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
Bharath Rao
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
Bharath Rao
 
Physical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsPhysical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal Controls
Bharath Rao
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
Bharath Rao
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
Bharath Rao
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
Bharath Rao
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
Bharath Rao
 

More from Bharath Rao (19)

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
 
Forex markets
Forex marketsForex markets
Forex markets
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA Profession
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
 
Physical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsPhysical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal Controls
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 

Recently uploaded

一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
eoxhsaa
 
Call Girls Lucknow 0000000000 Independent Call Girl Service Lucknow
Call Girls Lucknow 0000000000 Independent Call Girl Service LucknowCall Girls Lucknow 0000000000 Independent Call Girl Service Lucknow
Call Girls Lucknow 0000000000 Independent Call Girl Service Lucknow
hiju9823
 
Hyderabad Call Girls 7339748667 With Free Home Delivery At Your Door
Hyderabad Call Girls 7339748667 With Free Home Delivery At Your DoorHyderabad Call Girls 7339748667 With Free Home Delivery At Your Door
Hyderabad Call Girls 7339748667 With Free Home Delivery At Your Door
Russian Escorts in Delhi 9711199171 with low rate Book online
 
Health care analysis using sentimental analysis
Health care analysis using sentimental analysisHealth care analysis using sentimental analysis
Health care analysis using sentimental analysis
krishnasrigannavarap
 
一比一原版莱斯大学毕业证(rice毕业证)如何办理
一比一原版莱斯大学毕业证(rice毕业证)如何办理一比一原版莱斯大学毕业证(rice毕业证)如何办理
一比一原版莱斯大学毕业证(rice毕业证)如何办理
zsafxbf
 
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
actyx
 
一比一原版加拿大麦吉尔大学毕业证(mcgill毕业证书)如何办理
一比一原版加拿大麦吉尔大学毕业证(mcgill毕业证书)如何办理一比一原版加拿大麦吉尔大学毕业证(mcgill毕业证书)如何办理
一比一原版加拿大麦吉尔大学毕业证(mcgill毕业证书)如何办理
agdhot
 
Overview IFM June 2024 Consumer Confidence INDEX Report.pdf
Overview IFM June 2024 Consumer Confidence INDEX Report.pdfOverview IFM June 2024 Consumer Confidence INDEX Report.pdf
Overview IFM June 2024 Consumer Confidence INDEX Report.pdf
nhutnguyen355078
 
Econ3060_Screen Time and Success_ final_GroupProject.pdf
Econ3060_Screen Time and Success_ final_GroupProject.pdfEcon3060_Screen Time and Success_ final_GroupProject.pdf
Econ3060_Screen Time and Success_ final_GroupProject.pdf
blueshagoo1
 
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
9gr6pty
 
Senior Engineering Sample EM DOE - Sheet1.pdf
Senior Engineering Sample EM DOE  - Sheet1.pdfSenior Engineering Sample EM DOE  - Sheet1.pdf
Senior Engineering Sample EM DOE - Sheet1.pdf
Vineet
 
Namma-Kalvi-11th-Physics-Study-Material-Unit-1-EM-221086.pdf
Namma-Kalvi-11th-Physics-Study-Material-Unit-1-EM-221086.pdfNamma-Kalvi-11th-Physics-Study-Material-Unit-1-EM-221086.pdf
Namma-Kalvi-11th-Physics-Study-Material-Unit-1-EM-221086.pdf
22ad0301
 
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
nyvan3
 
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdfreading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
perranet1
 
Salesforce AI + Data Community Tour Slides - Canarias
Salesforce AI + Data Community Tour Slides - CanariasSalesforce AI + Data Community Tour Slides - Canarias
Salesforce AI + Data Community Tour Slides - Canarias
davidpietrzykowski1
 
How To Control IO Usage using Resource Manager
How To Control IO Usage using Resource ManagerHow To Control IO Usage using Resource Manager
How To Control IO Usage using Resource Manager
Alireza Kamrani
 
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
hqfek
 
Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...
Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...
Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...
Marlon Dumas
 
High Profile Call Girls Navi Mumbai ✅ 9833363713 FULL CASH PAYMENT
High Profile Call Girls Navi Mumbai ✅ 9833363713 FULL CASH PAYMENTHigh Profile Call Girls Navi Mumbai ✅ 9833363713 FULL CASH PAYMENT
High Profile Call Girls Navi Mumbai ✅ 9833363713 FULL CASH PAYMENT
ranjeet3341
 
Senior Software Profiles Backend Sample - Sheet1.pdf
Senior Software Profiles  Backend Sample - Sheet1.pdfSenior Software Profiles  Backend Sample - Sheet1.pdf
Senior Software Profiles Backend Sample - Sheet1.pdf
Vineet
 

Recently uploaded (20)

一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
 
Call Girls Lucknow 0000000000 Independent Call Girl Service Lucknow
Call Girls Lucknow 0000000000 Independent Call Girl Service LucknowCall Girls Lucknow 0000000000 Independent Call Girl Service Lucknow
Call Girls Lucknow 0000000000 Independent Call Girl Service Lucknow
 
Hyderabad Call Girls 7339748667 With Free Home Delivery At Your Door
Hyderabad Call Girls 7339748667 With Free Home Delivery At Your DoorHyderabad Call Girls 7339748667 With Free Home Delivery At Your Door
Hyderabad Call Girls 7339748667 With Free Home Delivery At Your Door
 
Health care analysis using sentimental analysis
Health care analysis using sentimental analysisHealth care analysis using sentimental analysis
Health care analysis using sentimental analysis
 
一比一原版莱斯大学毕业证(rice毕业证)如何办理
一比一原版莱斯大学毕业证(rice毕业证)如何办理一比一原版莱斯大学毕业证(rice毕业证)如何办理
一比一原版莱斯大学毕业证(rice毕业证)如何办理
 
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
 
一比一原版加拿大麦吉尔大学毕业证(mcgill毕业证书)如何办理
一比一原版加拿大麦吉尔大学毕业证(mcgill毕业证书)如何办理一比一原版加拿大麦吉尔大学毕业证(mcgill毕业证书)如何办理
一比一原版加拿大麦吉尔大学毕业证(mcgill毕业证书)如何办理
 
Overview IFM June 2024 Consumer Confidence INDEX Report.pdf
Overview IFM June 2024 Consumer Confidence INDEX Report.pdfOverview IFM June 2024 Consumer Confidence INDEX Report.pdf
Overview IFM June 2024 Consumer Confidence INDEX Report.pdf
 
Econ3060_Screen Time and Success_ final_GroupProject.pdf
Econ3060_Screen Time and Success_ final_GroupProject.pdfEcon3060_Screen Time and Success_ final_GroupProject.pdf
Econ3060_Screen Time and Success_ final_GroupProject.pdf
 
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
 
Senior Engineering Sample EM DOE - Sheet1.pdf
Senior Engineering Sample EM DOE  - Sheet1.pdfSenior Engineering Sample EM DOE  - Sheet1.pdf
Senior Engineering Sample EM DOE - Sheet1.pdf
 
Namma-Kalvi-11th-Physics-Study-Material-Unit-1-EM-221086.pdf
Namma-Kalvi-11th-Physics-Study-Material-Unit-1-EM-221086.pdfNamma-Kalvi-11th-Physics-Study-Material-Unit-1-EM-221086.pdf
Namma-Kalvi-11th-Physics-Study-Material-Unit-1-EM-221086.pdf
 
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
 
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdfreading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
 
Salesforce AI + Data Community Tour Slides - Canarias
Salesforce AI + Data Community Tour Slides - CanariasSalesforce AI + Data Community Tour Slides - Canarias
Salesforce AI + Data Community Tour Slides - Canarias
 
How To Control IO Usage using Resource Manager
How To Control IO Usage using Resource ManagerHow To Control IO Usage using Resource Manager
How To Control IO Usage using Resource Manager
 
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
 
Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...
Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...
Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...
 
High Profile Call Girls Navi Mumbai ✅ 9833363713 FULL CASH PAYMENT
High Profile Call Girls Navi Mumbai ✅ 9833363713 FULL CASH PAYMENTHigh Profile Call Girls Navi Mumbai ✅ 9833363713 FULL CASH PAYMENT
High Profile Call Girls Navi Mumbai ✅ 9833363713 FULL CASH PAYMENT
 
Senior Software Profiles Backend Sample - Sheet1.pdf
Senior Software Profiles  Backend Sample - Sheet1.pdfSenior Software Profiles  Backend Sample - Sheet1.pdf
Senior Software Profiles Backend Sample - Sheet1.pdf
 

The Next Gen Auditor - Auditing through technological disruptions

  • 1. The Next Gen Auditor CA Bharath Rao ACA, CISA, CEH, CHFI, BCOM 1
  • 4. Technological disruptions resulting in a Bang!! • Analytics • Big Data • Machine Learning • Artificial Intelligence • Blockchain • Crypto currencies • Distributed Ledger Systems • Privacy • General Data Protection Regulation • Indian Data Privacy Bill • Robotics Process Automation 4
  • 5. Analytics Data is everywhere Data can be collected and leveraged Better Analysis leads to right decision making Right decision making leads to higher profitability Question is How to identify? How to Analyze? What decisions can be made? 5
  • 6. Analytics - Technologies • Big Data Analytics • Reporting Analytics • Predictive Analytics • Data Mining • Machine Learning • Supervised and Unsupervised Learning • Deep Learning • Artificial Intelligence • Are we ready for this? 6
  • 7. Analytics - Fields Big Data Analytics Reporting Analytics • Summarizing Large Datasets (Dashboards) Predictive Analytics • Using existing data for predicting consumer behaviour Data Mining • Effectively seeking data from sources Machine Learning Supervised and Unsupervised Learning • Identify and learn patterns to achieve an outcome as per the objective defined Deep Learning • Presence of multiple layers of data transformation while machine learning Artificial Intelligence Intelligence demonstrated by computers in contrast with natural intelligence of Humans Are we ready for this? 7
  • 8. Analytics Process • Discovery • Interpretation • Communication • Decision Making • Large datasets • Complex factors • Quick turnaround • Effective decisions • Identify Sources • Mining & Cleansing • Standardization • Statistical Methods HIGHLY USED BY BUSINESSES!!! 8 Analytics used by Business Issues faced by Auditors Steps to be followed
  • 9. Statistical Theories used for Predictive Analytics Logistic Regression Linear Regression Moments Skewness Kurtosis Theoretical Distributions Testing of Hypothesis Correlation Statistical Dispersion Pareto Analysis Benford’s Law of Numbers Beneish M Score 9
  • 10. Areas of Analytics – by businesses Demand Forecasting and Planning with Predictive Analytics Consumer Behavior and passive feedback Market penetration Revenue and cost monitoring and visualization dashboards Controls and Risk Exposure Monitoring and visualization dashboards Fraud detection during insurance, warranty 10
  • 11. Analytics – Risks Reports generated are not as per the defined logic or has used incorrect input parameters or data is being modified during processing (IPE Risk) Potential violation of Data Localization and Privacy laws where sensitive information is being processed Extreme scenarios may not be covered and processed by analytics tools Inaccurate or incomplete patterns configured within the analytics module leading to high false positives
  • 12. Areas of Analytics – for Auditor Identification of Vendor Collusion Predictive Analytics for determining the chances of a bad debt Process Mining and identification of process weakness Compliance Management Automation of Internal Controls Travel and Expense Claims frauds Identification of gaps and weakness in Material Management 12
  • 13. Areas of Analytics – for Auditor Identification of anomalies in financial statements Determination of effective point of Revenue Recognition Expense Analytics and determination of provisioning Identification of Fraud for promotional items Performance Evaluation against budgeted funds and time Three way match and Payment Analytics 13 Data Patterns Models
  • 15. Blockchain • A blockchain is a growing list of records called blocks which are linked using cryptography • an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way, hence it is not alterable • Blockchain keeps a record of all data exchange 15 Decentralized Distributed Open Ledger
  • 16. How does cryptocurrency work? https://www.weforum.org/agenda/2016/06/blockchain- explained-simply/
  • 17. Blockchain Use cases • Inter-organizational data management • smart contracting – P2P Process • streamlining of clearing and settlements • automating regulatory compliance (AML) • Cryptocurrencies • Bitcoin • Ethereum etc. • Digital identity • https://igniteoutsourcing.com/blockchain/blockchain- use-cases-by-industry/ 17
  • 18. Blockchain Use cases 18 Organizational Level WIP Management Accountability in Quality Control Project Scheduling Process Control Regulatory Compliance Banking Investment Credit Services Government Services Taxes Voting Records Military Records Government Pension Records Government Healthcare Records Welfare Records Enforcement of Legal Agreements Rental Contracts Investment Contracts (Futures and Options) Powers of Attorney Sales Contracts
  • 19. Blockchain Risks • Security vulnerabilities at the terminals • Public and Private Key security • Risk of impersonation of transactions • Risks at vendors • Lack of testing of the network on a large scale • Lack of regulation and standards • Lack of testing of code 19
  • 21. Auditing the chain 21 IT General Controls • Review of adequate code testing performed • Review of process to include a new member as a part of the network • Review of terminal and network security protocols • Review of Public Key Infrastructure Management • Review of Audit Logging functionalities Application Controls • Review of Functionalities to ensure all business scenarios are covered • Review of validation controls during data input, processing, storage and output • Controls Checks of transactions based on validation of HASH Values generated (Completeness and Accuracy)
  • 23. Privacy and Confidentiality • Any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification, location data, online identifier or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that person • Sensitive Information • PII – Personally Identifiable Information • Name, Address, Email, Phone, Health Records, Social Media Profiles etc. 23
  • 24. Privacy – Users and Profiling 24 Data controllers/fid uciary Owners of data Responsible of data security Ensures compliance of data processors Data processors Work with the data on the instruction of controllers Data protection officers Public authorities, large scale processing of special types of personal data Profiling Any automated processing of personal data to determine certain criteria about a person
  • 25. GDPR and Indian Data Protection Bill 25 GDPR Applicable to data pertaining to citizens/residents of the EU Applicable to entities incorporated across EU or doing business in EU Applicable to entities outside of EU involving in direct or indirect processing/use of Data Indian Data Protection Bill Natural persons Entities incorporated within India and processing personal data of Indian residents and citizens and Foreign entities conducting business in India and processing personal information of Indian residents and citizens
  • 26. Privacy Concepts 26 ACQUIRING CONSENT FREELY (NOT IMPLIED) FOR SPECIFIC PURPOSE RIGHT TO WITHDRAW CONSENT AND PERMANENTLY DELETE INFORMATION MANDATORY BREACH NOTIFICATION PRIVACY BY DESIGN INTO THE DEVELOPMENT OF BUSINESS PROCESSES AND NEW SYSTEMS
  • 27. Privacy Risks 27 Regulatory Non Compliance Data Leak of confidential and sensitive information Misuse of information and unauthorized transfer of information to other data processors/buyers Use of information for purposes other than for which consent was provided for
  • 28. Auditors Procedures 28 Compliance of SA 250 on entities having business connections in the EU The auditor shall perform procedures to help identify instances of non compliance with other laws and regulations that may have material effect on the financial statements • Inquiring of management, TCWG as to whether the entity is in compliance with such laws and regulations and; • Inspecting correspondences • Obtain written representations Conduct a privacy impact assessment to determine exposure Maintain a workpaper documenting the audit procedures executed, evidences gathered to demonstrate that the GDPR and other privacy laws has been complied by the entity Perform a PIA to identify applications, databases hosting personal information Consider the participation of IoT during business processes and the data collection sources Inspect the management action plan and ensure timely completion of the activities
  • 30. RPA use cases 30 Software robots or AI workers are configured to emulate and integrate the actions of a human interacting within applications to execute business processes Applied where high volume of routine and labor intensive activities performed on a daily basis Use cases – Vendor and Customer MDM Price Analysis and Market Intelligence Contract Terms during IR process 3 way matching Support during FSCP process Data Extractions and Analysis Reconciliation processes
  • 31. RPA Risks • Risk of missing scenarios during simulation • Processes are not mapped correctly • Human safeguards may be removed • Incorrect data processing may go unnoticed due to incorrectly designed bot • Potential breach in controls going unnoticed 31
  • 32. Auditors responsibilities 32 Evaluate the flowcharts and data flow diagrams of the bots Evaluate the scenarios covered by the BOTs Evaluate the design of the process (Design Effectiveness testing) Evaluate a walkthrough of the workflows covering scenarios and ensure that the risks are covered Evaluate if the BOTs have suffered downtime and appropriate human intervention was provided in a timely manner Evaluate if sensitive information is used during data processing and the safeguards are present and operating effectively
  • 33. Other Technologies and considerations 33 Internet of things Devices capable to connect and exchange information Privacy and Security risks? Cybersecurity Protection of IT and Network Infrastructure Cloud Computing considerations Failsafe mechanisms
  • 34. Key Takeaways 34 IT risks and risks emerging from technologies are having material impact on financials Technologies are evolving and implemented at a faster pace Consideration of data and service security (CIA Triad) Confidentiality Integrity Availability Newer forms of controls and higher level of automation Increasing forms of privacy and InfoSec risks
  • 35. Taking the extra mile 35 Update on the newer technologies and risks and controls Increase risk assessments on ICFR Risks, IT, Cybersecurity and Privacy Risks Risk Based Audit Approach and placing reliance on ITGC controls Moving from test check to analytics Leveraging technology in executing our audit procedures
  • 36. THANK YOU 36 The presentation and information contained therein are intended for educational purposes only and do not replace independent professional judgement. Statements, views, thoughts, and opinions expressed in the presentation belong solely to the presenter, and not necessarily to any entity with the presenter is associated with. The information contained in this presentation is of a general nature and is not intended to address the circumstances of any particular individual or entity. The presenter disclaims any liability to any person or entity in respect of anything as the technical contents. One should act on information only after seeking professional advice and after a thorough examination of facts of the particular situation. CA Bharath Rao www.bharathraob.com mailme@bharathraob.com +91 88922 29220