ACL AuditExchange 2009 - Virginia ACL Users Group

Download Report

Transcript ACL AuditExchange 2009 - Virginia ACL Users Group 

The Leading Global Provider of Audit Analytics Technology
ACL Solutions Update
Virginia User’s Group
Copyright © 2008 ACL Services Ltd.
Steve Biskie CPA, CITP, CISA
Best Practices Program Director,
[email protected]
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Why Continuous?
 Provide management with ability to investigate and resolve
problems before they escalate
– minimizing losses and containing costs
 Improve ability to quantify risk (both likelihood and impact)
 Establish a strong tone-at-the-top
 Leverage automation power required for CA/CM to:
– Increase assurance through 100% testing of all transactions
– Reduce time spent on control testing, allowing resources to focus on
control improvement
– Enhance monitoring consistency across the enterprise, reducing
dependency on people
2
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Continuous Auditing and Monitoring:
Where are we? Where are we going?
 ACL has 11,000+ user organizations globally (85% of Fortune 500)
 Numerous ACL user organizations have independently developed
CA/CM applications using built-in ACL scripting and dialogs
 ACL first introduced packaged CM application in 2001
– Largest implementation of CCM over P2P in the world: 2008
 ACL AuditExchange released in May, 2008
– managed analytic platform for audit
– ultimately the platform for all ACL solutions going forward
3
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Enterprise Controls Monitoring at Siemens
 Largest P2P transaction monitoring project in the world
– All corporate entities (currently 900+)
– 275 different data sources & applications
– All Purchase to Pay transactions (20-40 Million transactions/day)
 Exceptions: workflow process
– Process managed by entity business owners
– Unresolved exceptions automatically escalated through multiple CFO levels
4
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
ACL CCM Product Suite
 Browser-based interface:
–
–
–
–
Manage Continuous Monitoring process
Security and Administration
Manage test parameters
View, report and manage exceptions
5
The Leading Global Provider of Audit Analytics Technology
Copyright © 2008 ACL Services Ltd.
Users only
need a
standard
web browser
and a
connection to
the CCM
server.
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Organized by business
process and sub-process
Organized by business units that
share similar control policies
7
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Payment tests results
8
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Analytic test description
Specific test results for two business units for same vendor invoice
9
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Parameters can be changed to
include or exclude new values into
the analytics for future CCM tests.
All changes are logged and restricted
to only authorized users.
10
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
6+ years of CCM: What we learned
Design differences despite similar tests
Differing reporting requirements across organization
Tremendous flexibility required by complex organizations
Cross-departmental project challenges
Test flexibility and adaptability needs increase as organizations
learn more about their own processes
 Strong need for ad-hoc analytic capabilities along with pre-defined
CCM tests





11
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Continuum of Audit Analytics
 One-off analysis and
testing
 Automated analyses and
tests
 Managed and deployed
from a central
environment
 Continual execution of
automated audit and
monitoring tests to identify
errors, fraud and
anomalies on a timely
basis
24
7
365
ad hoc
repetitive
continuous
12
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Enabling the Continuum of Audit Analytics
A MANAGED ANALYTICS PLATFORM for AUDIT
Secure controlled access to data
Configuration, automation and scheduling of tests
Management of tests, documentation, findings, logs, workflow
One common platform
24
7
365
ad hoc
repetitive
continuous
13
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Extending Analytics Value Across the Department
ACL AuditExchange
Data Specialists
Auditors / Analysts
Auditors, Audit Management & Audit Executives
Needs
Needs
Needs
 Broad, direct data
access
 Ad hoc query
 Broader audit coverage
 Scripting & script
management
 Ability to review analytic findings across the team & against
audit plan objectives
 Audit-specific functions
 Ability to share selected results with management across the
enterprise (Audit Committee, Finance, Risk Compliance, etc.)
 Data preparation &
management
 Maintain data
security
 Preserve network
efficiency
CREATE
 Automation of audit tests
 Comprehensive audit
trail
 Implement continuous auditing & monitoring
CONSUME
REVIEW
14
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Populating and Refreshing the Audit Data Repository
ETL for ACL
AuditExchange includes:
 Flat files
 Delimited
 ODBC - compliant data
sources
 Sybase
 SQL
 Informix
 Oracle
 dBase
 Microsoft Access
 Simple XML
Connectors for Complex
Databases include:
 DB2
 Teradata
 IMS for z/OS
 VSAM for z/OS
 ADABAS for z/OS
Connectors for Complex
Data include:
Connectors for ERP
Systems include:
 Oracle e-Business Suite
 PeopleSoft Enterprise
 SAP ERP, BW, CRM
Add-ons to the Complex Data
Exchange include format libraries for:
With a Complex Data Exchange, you
can reach:
 PDF
 Spreadsheet data
 Report (Print) files
 Complex XML
 XBRL
 SAP Private file formats
 SWIFT
 HIPAA
 HL7
15
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
16
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
17
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
18
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
19
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
20
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Continuous Auditing and Monitoring:
Implementation Options
 Option 1: Buy a pre-packaged CCM application
 Option 2: Implement ACL’s AuditExchange, and incrementally
build a continuous platform using internal capabilities
– Focus on a handful of analytics in high-value areas
– Use success and $ savings from these results to fund future expansion
– Rely primarily on internal experience
 Option 3: Kick-start an ACL’s AuditExchange continuous program
with a comprehensive program of training, consulting and
coaching
– Focus on high-risk business cycles
– Use ACL consulting to build initial analytics, while coaching internal
employees to build and maintain subsequent improvements
– Emphasis on getting up-and-running quickly
21
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
B R E A K I N G N E W S:
Option 4 – The Find Money Fast program
 Optional configured analytics designed to find money fast!
22
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Implementation Observations




Planning and Program Management
Developing Audit Staff
Data for the Casual Auditor
Defining and Measuring Success
23
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Steve Biskie CPA, CITP, CISA
Best Practices Program Director,
Alliance Coordinator
[email protected]
24
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Why ACL vs. other tools?
 Designed for Audit: Built-in audit-specific functions
 Assurance: Logs record every audit activity for QA
 Independence: Non-technical auditors can perform analysis with
limited reliance on IT personnel
 Data Integrity: Read-only tool cannot change data
 Efficiency: Quickly process millions of records
 Breadth: Read data from practically any source
 Flexibility – Change and maintain tests quickly with limited vendor
reliance
 Recruiting: Over 200,000 auditors use ACL
25