Transcript Document

Technology Applications
in the Age of Integrity
Integrity Forum 2006
Tony Murphy
Vice President, Worldwide Sales
ACL Services Ltd.
About ACL
Founded
1987 – Global leader in audit, controls
testing, and compliance technology solutions
Corp Headquarters
Vancouver, BC
Clients
170,000 users in 130 countries
70% of Fortune 500
Big 4 Accounting Firms
State & federal governments
Products
Data Analytics
ACL Desktop/Network Edition
ACL Server Editions – AIX, Linux, OS390/400, Windows
Direct Link for SAP
Continuous Controls Monitoring
Purchase-to-Payment  T&E Expenses  Payroll
Purchasing Cards  Order-to-Cash  General Ledger
Services
Technical Support, Implementation Services, Training
2
© 2006 ACL Services Ltd.
Today’s Agenda
 Spotlight on Internal Controls
 Continuous Auditing and Continuous Monitoring
 Definitions
 Responsibilities
 Impact
 ACL Solutions
 Summary
3
© 2006 ACL Services Ltd.
Internal Controls: What’s at Stake?
Compliance Issues
 Cost-effectively sustaining compliance
 Market perception/share value
 Negative impact on credit rating
Business Performance Issues
 Operational inefficiency
 Revenue leakage
 Fraud
Technology is seen as one way companies
can successfully manage these issues
4
© 2006 ACL Services Ltd.
Compliance Confusion
 There’s a great deal of confusion in the market about
“Compliance”
 Following slides
 Let’s have some plain talk about what compliance is, why it’s
important to a business and what ACL is doing to help
companies address a critically important slice of their
compliance requirements
5
© 2006 ACL Services Ltd.
Sustainable Compliance
 Regulatory environment now driving the need to
 Efficiently and cost-effectively sustain controls assessment and
testing efforts
 Determine on a timely basis when control deficiencies occur
 Quantify the impact of control deficiencies
 Improve effectiveness of controls
 Gain assurance over effectiveness of controls Need to make compliance
attainable, sustainable, and cost-effective
 Additional goal: improve overall business performance
How can audit departments assist?
Build compliance processes into the
foundation of the business
6
© 2006 ACL Services Ltd.
Gaining Clarity: Some Definitions
 Continuous Auditing
 Method used to perform audit activities on a continual basis –
includes control and risk assessment
 Performed by Internal Audit
 Continuous Monitoring
 Processes to ensure policies/processes are operating effectively
and to assess adequacy/effectiveness of controls
 Performed by operational/financial management
 Continuous Assurance
 Combination of continuous auditing and audit oversight of
continuous monitoring
7
© 2006 ACL Services Ltd.
Continuous Auditing vs.
Continuous Controls Monitoring
A Question of Responsibility:
 Management is responsible for establishing and
monitoring the effectiveness of internal controls
 Audit is responsible for determining whether
management has been successful in its responsibility
 Continuous Auditing and Continuous Controls Monitoring
frameworks are vital parts of the controls environment
8
© 2006 ACL Services Ltd.
Relationship of Continuous
Auditing/Monitoring/Assurance
 Role of continuous auditing dependent on
management’s role in continuous monitoring of
controls
 Inverse relationship: the
greater the role of
management, the less of
a direct role of internal
audit
 True continuous assurance
 Depends on effective monitoring by
management of internal controls and
Audit’s independent assessment of
that function
9
© 2006 ACL Services Ltd.
Continuous Auditing
 Compliance requirements now driving the need to
 Efficiently and cost-effectively sustain controls assessment and
testing efforts
 Determine on a timely basis when control
deficiencies occur
 Quantify the impact of control deficiencies
 Improve effectiveness of controls
 Gain assurance over effectiveness of controls
 Continuous Auditing
 Shift from traditional approach of periodic cyclical audit
processes
 Method used to automatically perform control and risk
assessments on an ongoing basis
 Allows audit to provide ongoing risk and control assessments
 Technology is key
10
© 2006 ACL Services Ltd.
Continuous Controls Monitoring
 Process performed by management to determine
whether policies and controls are operating effectively
 Establishes control objectives and assurance assertions
– and uses automated tests to identify activities and
transactions that fail to comply with controls
 Embedded in key business processes
 Allows management to fix control problems on a timely
basis – improves controls and improves operational
performance
 Technology is key
11
© 2006 ACL Services Ltd.
CA & CCM: An Integrated Approach
12
© 2006 ACL Services Ltd.
ACL’s Approach to Enterprise Financial
Transaction Monitoring
Internal &
external
Provide visibility into
controls health to all
stakeholders
Present quantified
control exceptions
Apply automated tests to
critical control points
Review 100% of
transactions across all
systems & platforms
13
© 2006 ACL Services Ltd.
ACL’s Complementary Solutions
Audit Tools
Financial
Transaction
Monitoring
DISCOVER & DETECT…
MONITOR ….
ACL Audit Analytics
Continuous Controls
Monitoring (CCM)
14
© 2006 ACL Services Ltd.
ACL’s Complementary Solutions
Audit Tools
Financial
Transaction
Monitoring
ACL Data Analytics
DISCOVER & DETECT…
 Interactive analysis built for Audit
 Analyze every transaction, across system boundaries
 Automate audit best practices
 Auditable results
 Desktop/Network, Server Editions, Direct Link for SAP
15
© 2006 ACL Services Ltd.
ACL’s Complementary Solutions
Audit Tools
Financial
Financial
Transaction
Transaction
Monitoring
Monitoring
Continuous Controls Monitoring (CCM)
MONITOR ….
Core business processes, end-to-end
Key controls, across system boundaries
Based on COSO framework
CCM applications:
 General Ledger
 Order-to-Cash Cycle
 Payroll
 Purchase-to-Payment Cycle
 Purchasing Cards
 Travel & Entertainment Expenses
16
© 2006 ACL Services Ltd.
Benefits and Outcomes
 Near-term – Revenue recovery & compliance
 Return on investment, early warning system, regulatory
compliance
 Example: Recovery of duplicate payments and
vendor overcharges
 Mid-term – Operational improvement
 Example: Modifications made to system design and controls
such as change to vendor master entry
 Long-term – Enhanced control environment
 Improved external audit results
 Tangible, demonstrable evidence of effort
17
© 2006 ACL Services Ltd.
Summary
 Compliance requirements and business process
improvement are not optional
 A sustainable approach is needed
 Audit has options:
 Expand technology investment to apply continuous auditing
techniques
Advanced use of data analytics, i.e. script development and
automation
 Sponsor comprehensive technology solutions to automate
controls monitoring within business processes
Implement continuous monitoring technology
18
© 2006 ACL Services Ltd.
Summary
Compliance
Requirements
Sustainable process
for compliance
Reduced time for
reporting/signoff
Business
Performance
Optimization
Internal
Controls
Effectiveness
Streamlined internal
& external audit
Bottom-line results
Cost-effective risk
mitigation
Operational efficiencies
Fraud reduction
Cost savings
Connected compliance across the business supports compliance
with the benefit of enhanced business performance.
19
© 2006 ACL Services Ltd.
20
© 2006 ACL Services Ltd.