ACL AuditExchange 2009 - Virginia ACL Users Group
Download
Report
Transcript ACL AuditExchange 2009 - Virginia ACL Users Group
The Leading Global Provider of Audit Analytics Technology
ACL Solutions Update
Virginia User’s Group
Copyright © 2008 ACL Services Ltd.
Steve Biskie CPA, CITP, CISA
Best Practices Program Director,
[email protected]
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Why Continuous?
Provide management with ability to investigate and resolve
problems before they escalate
– minimizing losses and containing costs
Improve ability to quantify risk (both likelihood and impact)
Establish a strong tone-at-the-top
Leverage automation power required for CA/CM to:
– Increase assurance through 100% testing of all transactions
– Reduce time spent on control testing, allowing resources to focus on
control improvement
– Enhance monitoring consistency across the enterprise, reducing
dependency on people
2
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Continuous Auditing and Monitoring:
Where are we? Where are we going?
ACL has 11,000+ user organizations globally (85% of Fortune 500)
Numerous ACL user organizations have independently developed
CA/CM applications using built-in ACL scripting and dialogs
ACL first introduced packaged CM application in 2001
– Largest implementation of CCM over P2P in the world: 2008
ACL AuditExchange released in May, 2008
– managed analytic platform for audit
– ultimately the platform for all ACL solutions going forward
3
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Enterprise Controls Monitoring at Siemens
Largest P2P transaction monitoring project in the world
– All corporate entities (currently 900+)
– 275 different data sources & applications
– All Purchase to Pay transactions (20-40 Million transactions/day)
Exceptions: workflow process
– Process managed by entity business owners
– Unresolved exceptions automatically escalated through multiple CFO levels
4
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
ACL CCM Product Suite
Browser-based interface:
–
–
–
–
Manage Continuous Monitoring process
Security and Administration
Manage test parameters
View, report and manage exceptions
5
The Leading Global Provider of Audit Analytics Technology
Copyright © 2008 ACL Services Ltd.
Users only
need a
standard
web browser
and a
connection to
the CCM
server.
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Organized by business
process and sub-process
Organized by business units that
share similar control policies
7
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Payment tests results
8
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Analytic test description
Specific test results for two business units for same vendor invoice
9
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Parameters can be changed to
include or exclude new values into
the analytics for future CCM tests.
All changes are logged and restricted
to only authorized users.
10
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
6+ years of CCM: What we learned
Design differences despite similar tests
Differing reporting requirements across organization
Tremendous flexibility required by complex organizations
Cross-departmental project challenges
Test flexibility and adaptability needs increase as organizations
learn more about their own processes
Strong need for ad-hoc analytic capabilities along with pre-defined
CCM tests
11
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Continuum of Audit Analytics
One-off analysis and
testing
Automated analyses and
tests
Managed and deployed
from a central
environment
Continual execution of
automated audit and
monitoring tests to identify
errors, fraud and
anomalies on a timely
basis
24
7
365
ad hoc
repetitive
continuous
12
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Enabling the Continuum of Audit Analytics
A MANAGED ANALYTICS PLATFORM for AUDIT
Secure controlled access to data
Configuration, automation and scheduling of tests
Management of tests, documentation, findings, logs, workflow
One common platform
24
7
365
ad hoc
repetitive
continuous
13
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Extending Analytics Value Across the Department
ACL AuditExchange
Data Specialists
Auditors / Analysts
Auditors, Audit Management & Audit Executives
Needs
Needs
Needs
Broad, direct data
access
Ad hoc query
Broader audit coverage
Scripting & script
management
Ability to review analytic findings across the team & against
audit plan objectives
Audit-specific functions
Ability to share selected results with management across the
enterprise (Audit Committee, Finance, Risk Compliance, etc.)
Data preparation &
management
Maintain data
security
Preserve network
efficiency
CREATE
Automation of audit tests
Comprehensive audit
trail
Implement continuous auditing & monitoring
CONSUME
REVIEW
14
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Populating and Refreshing the Audit Data Repository
ETL for ACL
AuditExchange includes:
Flat files
Delimited
ODBC - compliant data
sources
Sybase
SQL
Informix
Oracle
dBase
Microsoft Access
Simple XML
Connectors for Complex
Databases include:
DB2
Teradata
IMS for z/OS
VSAM for z/OS
ADABAS for z/OS
Connectors for Complex
Data include:
Connectors for ERP
Systems include:
Oracle e-Business Suite
PeopleSoft Enterprise
SAP ERP, BW, CRM
Add-ons to the Complex Data
Exchange include format libraries for:
With a Complex Data Exchange, you
can reach:
PDF
Spreadsheet data
Report (Print) files
Complex XML
XBRL
SAP Private file formats
SWIFT
HIPAA
HL7
15
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
16
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
17
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
18
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
19
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
20
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Continuous Auditing and Monitoring:
Implementation Options
Option 1: Buy a pre-packaged CCM application
Option 2: Implement ACL’s AuditExchange, and incrementally
build a continuous platform using internal capabilities
– Focus on a handful of analytics in high-value areas
– Use success and $ savings from these results to fund future expansion
– Rely primarily on internal experience
Option 3: Kick-start an ACL’s AuditExchange continuous program
with a comprehensive program of training, consulting and
coaching
– Focus on high-risk business cycles
– Use ACL consulting to build initial analytics, while coaching internal
employees to build and maintain subsequent improvements
– Emphasis on getting up-and-running quickly
21
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
B R E A K I N G N E W S:
Option 4 – The Find Money Fast program
Optional configured analytics designed to find money fast!
22
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Implementation Observations
Planning and Program Management
Developing Audit Staff
Data for the Casual Auditor
Defining and Measuring Success
23
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Steve Biskie CPA, CITP, CISA
Best Practices Program Director,
Alliance Coordinator
[email protected]
24
ACL Services Ltd.
Copyright © 2008 ACL Services Ltd.
Why ACL vs. other tools?
Designed for Audit: Built-in audit-specific functions
Assurance: Logs record every audit activity for QA
Independence: Non-technical auditors can perform analysis with
limited reliance on IT personnel
Data Integrity: Read-only tool cannot change data
Efficiency: Quickly process millions of records
Breadth: Read data from practically any source
Flexibility – Change and maintain tests quickly with limited vendor
reliance
Recruiting: Over 200,000 auditors use ACL
25