Transcript ACL Solutions for Continuous Auditing and Monitoring

ACL Solutions for Continuous
Auditing and Monitoring
John Verver CA, CISA, CMC
Vice President, Professional Services & Product Strategy
ACL Services Ltd
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 2
Continuous Auditing and Monitoring:
Where are we? Where are we going?
• ACL has 11,000+ user organizations globally
• 33-40% of organizations consider they perform some form of
Continuous Auditing
• Chief Audit Executive surveys indicate Continuous Auditing and
Monitoring usage will more than double by 2012
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 3
Continuous Auditing – ACL’s Experience
• Wide variation in CA approach and techniques
• CA part of a continuum of analytic usage
• Flexibility is key
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 4
Continuum of Audit Analytics
•
One-off analysis and
testing
•
•
Automated analyses and
tests
Managed and deployed
from a central
environment
•
Continual execution of
automated audit and
monitoring tests to
identify errors, fraud and
anomalies on a timely
basis
24
7
365
ad hoc
repetitive
continuous
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 5
Continuous Auditing: Issues to Address
•
•
•
•
Data access and management
Quality and control
Sustainability and productivity
People and process
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 6
Enabling the Continuum of Audit Analytics
A MANAGED ANALYTICS PLATFORM for AUDIT
Secure controlled access to data
Configuration, automation and scheduling of tests
Management of tests, documentation, findings, logs, workflow
One common platform
24
7
365
ad hoc
repetitive
continuous
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 7
Query & Analysis
•
•
•
•
Reporting &
Presentation
In-depth analysis
Audit-specific commands & scripting
Advanced analytics and predictive modeling
Centralized logging
Management & Automation
Query & Analysis
Analytic
Library
•
•
•
•
•
Audit repository
User access & rights, data security
Centralized tests and processing
Continuous auditing management
Configuration & management
Data Access
Management
& Automation
•
•
•
Access, extract, transform, load
Specialized format connectors
Audit data repository
Reporting & Presentation
Data Access
•
•
•
Templates, charting
Dashboard integration
Report deployment and maintenance
Analytic Library
•
Packaged analytics, key business
processes
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 8
Audit Analytics Repository
Management & Automation
•
User access &
rights
•
•
Data
• Data sets for each audit
area
• Data dictionaries
• Data management &
refresh
Scheduling
Administration
•
•
Search
Security
Analytics
• Test library
• Test documentation
• “Best Practices”
documentation
Findings & Results
• Results management
• Specific findings
• Logs & other
documentation
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 9
Populating and Refreshing the Audit Data Repository
• INFORMATICA for ACL AuditExchange
o
o
Industry leading technology for ETL (Extract Transform Load)
Connectors for any enterprise data
 PowerCenter:
 Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL
Server, dBase
 B2B Complex Data Exchange:
 PDF, XML, XBRL, Excel
 PowerExchange
 Specialized data formats – HIPPAA etc
• ACL Data Access, including Direct Link for SAP
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 10
ACL: Continuous Auditing and Continuous Monitoring
• ACL AuditExchange
Enables Best Practices in Audit Analytics
Provides a secure, controlled, well-managed and sustainable environment for the
continuum of Audit Analytics – Ad Hoc through Continuous Auditing
o Provides benefits of Audit Analytics to the entire audit team, according to roles
o A reliable environment for Continuous Auditing
o
o
• ACL Continuous Controls Monitoring
o
o
o
o
o
o
Provides management and audit with insight into control effectiveness
Monitors all transactions throughout business process cycles
Tests against suites of control rules
Identifies and quantifies exceptions on a timely basis
Supports exception resolution and control remediation
Configuration and management of the monitoring process
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 11
ACL Continuous Controls Monitoring Technology
Framework
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 12
ACL CCM Product Suite
• Continuous testing of transactions in core business process
areas against sets of internal control rules
Purchase to Pay Procurement Card
Travel & Entertainment Payroll
Order To Cash General Ledger
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 13
ACL CCM Product Suite
• Browser-based interface:
o
o
o
o
Manage Continuous Monitoring process
Security and Administration
Manage test parameters
View, report and manage exceptions
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 14
ACL CCM Product Suite – Large Enterprise Version
• Advanced capabilities for complex large scale enterprise monitoring
• For 10+ control entities:
o
o
o
Enhanced multi-entity configuration
Enhanced multi-entity parameter management
Enhanced workflow and remediation
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 15
ACL Enterprise Continuous Monitoring at
• ACL audit analytics used for many years in Siemens entity
internal audit organizations
• Siemens Power Generation one of first organizations to
implement ACL CCM Purchase to Pay 2004
• 2008 implementation of ACL Continuous Monitoring – Large
Enterprise Version for Purchase to Pay systems across entire
Siemens enterprise
• Believed to be largest purchase-payment transaction monitoring
project in the world
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 16
Enterprise Controls Monitoring at Siemens
Scale
•
•
•
•
•
•
•
All corporate entities (currently 900+)
All Purchase to Pay transactions
Daily with 90 days running history
27 control tests
275 different data sources & applications
Average 5GB of source data analyzed per entity
Primary integration environment: analysis of 200GB data for
~400 entities
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 17
Enterprise Controls Monitoring at Siemens
Exceptions: workflow process
• Process managed by entity business owners
o
o
review all exceptions
assign appropriate category
• Unresolved exceptions automatically escalated through multiple
CFO levels
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd. 18
Questions?
Contact: [email protected]