Transcript Document
Technology Applications
in the Age of Integrity
Integrity Forum 2006
Tony Murphy
Vice President, Worldwide Sales
ACL Services Ltd.
About ACL
Founded
1987 – Global leader in audit, controls
testing, and compliance technology solutions
Corp Headquarters
Vancouver, BC
Clients
170,000 users in 130 countries
70% of Fortune 500
Big 4 Accounting Firms
State & federal governments
Products
Data Analytics
ACL Desktop/Network Edition
ACL Server Editions – AIX, Linux, OS390/400, Windows
Direct Link for SAP
Continuous Controls Monitoring
Purchase-to-Payment T&E Expenses Payroll
Purchasing Cards Order-to-Cash General Ledger
Services
Technical Support, Implementation Services, Training
2
© 2006 ACL Services Ltd.
Today’s Agenda
Spotlight on Internal Controls
Continuous Auditing and Continuous Monitoring
Definitions
Responsibilities
Impact
ACL Solutions
Summary
3
© 2006 ACL Services Ltd.
Internal Controls: What’s at Stake?
Compliance Issues
Cost-effectively sustaining compliance
Market perception/share value
Negative impact on credit rating
Business Performance Issues
Operational inefficiency
Revenue leakage
Fraud
Technology is seen as one way companies
can successfully manage these issues
4
© 2006 ACL Services Ltd.
Compliance Confusion
There’s a great deal of confusion in the market about
“Compliance”
Following slides
Let’s have some plain talk about what compliance is, why it’s
important to a business and what ACL is doing to help
companies address a critically important slice of their
compliance requirements
5
© 2006 ACL Services Ltd.
Sustainable Compliance
Regulatory environment now driving the need to
Efficiently and cost-effectively sustain controls assessment and
testing efforts
Determine on a timely basis when control deficiencies occur
Quantify the impact of control deficiencies
Improve effectiveness of controls
Gain assurance over effectiveness of controls Need to make compliance
attainable, sustainable, and cost-effective
Additional goal: improve overall business performance
How can audit departments assist?
Build compliance processes into the
foundation of the business
6
© 2006 ACL Services Ltd.
Gaining Clarity: Some Definitions
Continuous Auditing
Method used to perform audit activities on a continual basis –
includes control and risk assessment
Performed by Internal Audit
Continuous Monitoring
Processes to ensure policies/processes are operating effectively
and to assess adequacy/effectiveness of controls
Performed by operational/financial management
Continuous Assurance
Combination of continuous auditing and audit oversight of
continuous monitoring
7
© 2006 ACL Services Ltd.
Continuous Auditing vs.
Continuous Controls Monitoring
A Question of Responsibility:
Management is responsible for establishing and
monitoring the effectiveness of internal controls
Audit is responsible for determining whether
management has been successful in its responsibility
Continuous Auditing and Continuous Controls Monitoring
frameworks are vital parts of the controls environment
8
© 2006 ACL Services Ltd.
Relationship of Continuous
Auditing/Monitoring/Assurance
Role of continuous auditing dependent on
management’s role in continuous monitoring of
controls
Inverse relationship: the
greater the role of
management, the less of
a direct role of internal
audit
True continuous assurance
Depends on effective monitoring by
management of internal controls and
Audit’s independent assessment of
that function
9
© 2006 ACL Services Ltd.
Continuous Auditing
Compliance requirements now driving the need to
Efficiently and cost-effectively sustain controls assessment and
testing efforts
Determine on a timely basis when control
deficiencies occur
Quantify the impact of control deficiencies
Improve effectiveness of controls
Gain assurance over effectiveness of controls
Continuous Auditing
Shift from traditional approach of periodic cyclical audit
processes
Method used to automatically perform control and risk
assessments on an ongoing basis
Allows audit to provide ongoing risk and control assessments
Technology is key
10
© 2006 ACL Services Ltd.
Continuous Controls Monitoring
Process performed by management to determine
whether policies and controls are operating effectively
Establishes control objectives and assurance assertions
– and uses automated tests to identify activities and
transactions that fail to comply with controls
Embedded in key business processes
Allows management to fix control problems on a timely
basis – improves controls and improves operational
performance
Technology is key
11
© 2006 ACL Services Ltd.
CA & CCM: An Integrated Approach
12
© 2006 ACL Services Ltd.
ACL’s Approach to Enterprise Financial
Transaction Monitoring
Internal &
external
Provide visibility into
controls health to all
stakeholders
Present quantified
control exceptions
Apply automated tests to
critical control points
Review 100% of
transactions across all
systems & platforms
13
© 2006 ACL Services Ltd.
ACL’s Complementary Solutions
Audit Tools
Financial
Transaction
Monitoring
DISCOVER & DETECT…
MONITOR ….
ACL Audit Analytics
Continuous Controls
Monitoring (CCM)
14
© 2006 ACL Services Ltd.
ACL’s Complementary Solutions
Audit Tools
Financial
Transaction
Monitoring
ACL Data Analytics
DISCOVER & DETECT…
Interactive analysis built for Audit
Analyze every transaction, across system boundaries
Automate audit best practices
Auditable results
Desktop/Network, Server Editions, Direct Link for SAP
15
© 2006 ACL Services Ltd.
ACL’s Complementary Solutions
Audit Tools
Financial
Financial
Transaction
Transaction
Monitoring
Monitoring
Continuous Controls Monitoring (CCM)
MONITOR ….
Core business processes, end-to-end
Key controls, across system boundaries
Based on COSO framework
CCM applications:
General Ledger
Order-to-Cash Cycle
Payroll
Purchase-to-Payment Cycle
Purchasing Cards
Travel & Entertainment Expenses
16
© 2006 ACL Services Ltd.
Benefits and Outcomes
Near-term – Revenue recovery & compliance
Return on investment, early warning system, regulatory
compliance
Example: Recovery of duplicate payments and
vendor overcharges
Mid-term – Operational improvement
Example: Modifications made to system design and controls
such as change to vendor master entry
Long-term – Enhanced control environment
Improved external audit results
Tangible, demonstrable evidence of effort
17
© 2006 ACL Services Ltd.
Summary
Compliance requirements and business process
improvement are not optional
A sustainable approach is needed
Audit has options:
Expand technology investment to apply continuous auditing
techniques
Advanced use of data analytics, i.e. script development and
automation
Sponsor comprehensive technology solutions to automate
controls monitoring within business processes
Implement continuous monitoring technology
18
© 2006 ACL Services Ltd.
Summary
Compliance
Requirements
Sustainable process
for compliance
Reduced time for
reporting/signoff
Business
Performance
Optimization
Internal
Controls
Effectiveness
Streamlined internal
& external audit
Bottom-line results
Cost-effective risk
mitigation
Operational efficiencies
Fraud reduction
Cost savings
Connected compliance across the business supports compliance
with the benefit of enhanced business performance.
19
© 2006 ACL Services Ltd.
20
© 2006 ACL Services Ltd.