Transcript Slide 1
Utilizing Data to Drive Competitive Advantages
Devin Amato Mike Ostendorf Jeff Roy Deloitte & Touche LLP March 13, 2008 ISACA Kansas City
AGENDA
What is Data Quality & Integrity (DQI)?
Risks of Poor DQI Management and DQI Benefits Implementing a DQI Approach Applying Data Analysis
2 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
What is Data Quality and Integrity? (DQI)
D
ata
Q
uality
& I
ntegrity
In order for organizations to perform business processes, reliance is placed on the organization’s data. Business success is based on good decisions and almost all decisions are based, either directly or indirectly, on data.
Make Sound Business Decisions Minimize Expenses Maximize Revenue Meet Financial Goals Manage Resources Manage Information Manage Business Alliances Manage People Meet Regulatory Requirements
4 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
What is Data Quality and Integrity?
Data Quality and Integrity (DQI) is data that is:
• • • Complete Are vendor records complete?
Valid Are vendor records up to date?
Consistent Are vendor records consistent across various applications?
Using this definition, DQI is more than just having valid data – it is also about the completeness and consistency of the data. However, data has more than three dimensions…
5 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
What is Data Quality and Integrity?
Data Quality and Integrity (DQI) is data that is also:
• • • • Availability Is the data available Trusted Does it have a reputation for being trusted and reliable Relevant Does it answer the questions the organization Other Dimensions 6 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
DQI - The Value Proposition
DQI recognizes data as a precious business asset It asks questions regarding the ownership and treatment of data and the configuration surrounding repositories that house data.
Like other business assets, data can experience: • Spoilage • Theft • • Misuse Hording DQI diagnoses problems and examines processes that work to preserve the value of business data 7 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Risks of Poor DQI Management
Effect of Data Defects
Data defects can affect organizations in a wide variety of ways • Implementations/Conversions System changes often highlight data quality defects within the data being converted Delays in cutover to new systems Increase in project costs • Financial Reporting Delays in closing process due to invalid data Misrepresentation of financials Revenue leakage • Regulatory Compliance Efforts Data defects may indicate that certain controls are ineffective Misrepresentation of financials or performance metrics • Customer Relations Invalid or outdated customer data Slow response to customers 9 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
The Hidden Costs of Data Defects
The costs of data defects are hard to quantify – but it is easy to see how the impacts can be costly
Potential Effect of Data Defects Delayed system implementation due to data quality defects Potential Cost Resources spent fixing data quality defects manually Delayed closing of books at year-end due to transactions with invalid account numbers Inaccurate metrics, misrepresentation of performance Staff accountants manually reclassifying transactions to valid accounts Regulatory penalties, other punitive action Increased opportunity for fraud Loss of revenue, negative publicity, damaged public image Inaccurate billing, tax allocation Revenue leakage 10 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Managing the wide range of data quality issues with traditional approaches is less effective
Traditional approaches : Attempt to manage data quality without attempting to measure data quality and the impacts of poor data quality Consequences: Poor prioritization of work effort and inappropriate allocation of resources to address data quality issues Focus on “data cleansing”, and monitor data quality without focusing on processes to manage Manage data standards and definitions within functional or application “silos”, organization even though the data is shared across the Data is “clean” at one point in time, but quality degrades over time Inconsistencies in data definitions, standards, and business rules often cause operational inefficiencies and poor business decisions
11 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Data Quality Benefits
Immediate benefits are derived from cleansing efforts during a ERP or e business transformation. Significant additional benefits can be derived from optimization efforts.
Data Cleansing Benefits
Cleaner transformation from legacy to ERP Increased value on software implementation and systems integration Requirement to succeed in transformation to e-business Potential reduced risk exposure Sustained competitive advantage through cleaner information for front- and back-office collaboration Enabler for improved customer service
Data Optimization Benefits
Improve cash flow Increased understanding of relationships with trading partners across organization Analysis that support strategic decisions Improved utilization of resources by focusing on areas of the business that will deliver largest results Reduction of risks within customer and supplier base © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Implementing a DQI Approach
How to Begin
Build awareness and acceptance of DQI as a key management item Establish a formal group responsible for defining DQI management approaches Implement a structured approach for assessing both the extent and the impact of data quality problems in the organization Define a DQI strategy for moving the organization forward
Based on our experience, the most effective DQI improvement initiatives are driven by experienced, cross-functional teams applying structured approaches and tools.
14 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Enhance Data Quality
Standardization
Scoping & Planning Current State Assessment Design Gap Analysis Build
Identify DQI Leaders Develop DQI Workplan & Timeline Understand Business and Data Flows Design Corrective Actions Perform Gap Analysis Perform Risk Assessment Design Process & Organization Ensure integration of DQ Standards Perform Data Analysis Perform Root Cause Analysis Change Management Design Sustainment Cycle Develop Implement ation plan Implement & Monitor Corrective Actions Implement Process and Organization Implement Sustainment Cycle 15 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
DQI Management Initiatives
Revenue Assurance • Examination and verification of events transpiring throughout the revenue life cycle for the purpose of identifying and eliminating leakage Cost Savings and Recovery • Provide assurance that a company is managing its expenditures’ processes in a controlled manner and capitalizing on any opportunities for better cost management Inventory Analysis and Estimation • Applies quantitative methods to reduce costs associated with inventory management business processes Complex Accounting Analysis • Assist in reviewing complex accounting and transactions. Ensuring regulatory compliance.
• FAS123R 16 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
DQI Management Initiatives
Content Quality • Implementing a data management strategy that addresses data quality standards, data maintenance controls, and data optimization Systems Implementation Support • Provides a risk-based methodology to evaluate and improve data quality before, during, and after systems implementations and conversions Continuous Monitoring • An optimal approach to monitor business processes and controls real-time by leveraging existing data sources in conjunction with analytical tools and customized business metrics 17 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Applying Data Analysis
Applying Data Analysis
A variety of topics in the field of auditing are gaining new attention as data analysis applications are being developed to support them. We will explore some of these topics.
Continuous Monitoring Cost Savings / Cost Recovery Revenue Assurance Fraud Detection Supplementing the Financial Audit © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Objective
The primary objective of a Continuous Audit Monitoring approach / methodology would be to assist management in accomplishing the strategic goals and objectives of the company through risk mitigation. This can be accomplished through: Identifying key risk indicators related to • • • • achievement of business objectives, reliability and accuracy of financial information compliance with laws, regulations, and company policies IT systems and interfaces.
Designing automated processes, tools, and a management reporting system to enable Internal Audit to continuously monitor these key risk indicators.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Metrics
Special attention should be offered to the design of the Continuous Monitoring system. In particular, the design of the metrics that are monitored affect the quality and value of the system.
Performance Marketing Response Rates Order Fulfillment Times Ratio of Return Customers Vendor Lead Times Loan Default Rates Customer Service Responses Product Returns Analyses Financial Days in Accounts Receivable Accounts Payable Debit Balances Duplicate Claims / Payments Inventory Turns & Obsolesce Shrink Percentages by Location Cash Disbursement Anomalies Gross Margin Target Variances © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Implementation Approach
Assess Design Deliver Sustain Assess • Risk, Metrics, and Data Design • Transform Data & Metrics Deliver • Provide Business Intelligence Sustain • On-going Monitoring & Executive Reporting © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Assess Design Deliver Sustain • • • •
Gain Understanding
Develop Risk Assessment Strategy Perform Operations Risk Assessment & Prioritization Determine risk and performance measurement objectives and prioritization Identify relevant business and best practice metrics © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Assess Design Deliver Sustain • • • •
Develop Analytical Structure & Collect Metrics Data
Collect and aggregate metric data Validate integrity and completeness of metric data Develop appropriate analytical methods for benchmarking scoring & indexing Analyze and compare metrics and benchmarks © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Assess Design Deliver Sustain
Business Intelligence Delivery
• Implement most relevant metrics benchmarks and indices • Determine and implement optimal architecture • Determine and implement reporting interface © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Assess Design Deliver Sustain Ongoing Monitoring & Executive Reporting • Monitor and measure performance and risk indicators • Identify potential, problems requiring corrective action • Reassess/refine business intelligence model as necessary © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Benefits
Value added management tool for “real time” analysis Audit wider range of balances, transactions, attributes, etc. through automated tools and exception-only reports (population vs. samples) Opportunity to reduce / replace traditional audit procedures Assists in migration towards on-going risk assessment vs. annual audit plan/budget development Enhances efficiency of control and compliance procedures Provides meaningful management summaries Enables trend analysis and benchmarking Generate quantifiable results Provides cost saving ideas © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Opportunities for Cost Savings
Vendor Consolidation Payment Optimization Exploiting discounts Improvement in contract terms and/or pricing Freight Optimization Cleanse and optimize Vendor Master File Reduction in maverick spend Competitive Pricing Lower transaction processing costs © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Opportunities for Cost Recovery
Duplicate payment analysis Missed Discounts • • Individual invoice Vendor contract discounts Purchase orders outside of existing vendor contracts Freight Recovery Price variances Rebates and/or promotions Sales and Use Tax © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Vendor Master Data Tests
Duplicate Vendor Analysis • Vendor Number • Vendor Name • Vendor Address • • Taxpayer ID Number D-U-N S® Number Cross-referencing of vendor and employee master data • Same address or name • Must first understand handling of expense reimbursements Vendor Activity Analysis • Dormant vendors • Unusually active vendors (may require a baseline) © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Expenditures Tests
Strategic Analysis (A/P Invoices, Disbursements, and Goods Receipts) • Reporting volumes, amounts, and averages by vendor • Reporting negative and zero dollar transactions • Identifying outliers (largest and smallest) • • Stratification of transactions to identify potential risk areas and/or thresholds Benford analysis Data Integrity Analysis (A/P Invoices and Disbursements) • Gaps in Check Numbers (by checking account) • Payments to/Pos from Non-vendors/employees • • • Payment prior to Invoice Date Large Payment Analysis Recurring Payment/AP Invoice Analysis Duplicates Analysis (A/P Invoices and Disbursements) • By amount and vendor • • Confine to a fixed day-window to avoid recurring payments Take duplicate vendor analysis results into account © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Disbursements Tests
Freight Analysis • Duplicate billings for same shipment • Shipments to the same location in a short timeframe • Analysis of abnormal freight costs, based on other and/or historical shipments • Reconciliation of shipments to A/P and goods receipts records • Carrier discount optimization Employee Expense Analysis • Wage disbursements with no or unusual withholdings • • Travel and other expense reimbursement analysis Benefits Health care spend reduction © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Disbursements Tests
Reconciliation Analysis • Purchase Orders to A/P Invoices Price variances • Quantity variances A/P Invoices to Goods Receipts • Quantity variances A/P Invoices to Disbursements Amount variances – consider the 1 to m factor © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Revenue Leakage
Direct Revenue Loss • Driven by poor manual and systematic controls • Is estimated to be as high as 6% of revenue for many companies • Primary considerations Customer Service – Contracts – Credits Product pricing Billing inaccuracies – Are you billing for things you should not?
– Are you not billing for things that you should?
Tax/tariff allocation – Are you paying too much?
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraud Detection
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent activity can occur at any time within an organization. Its effects can be widespread and often lead to significant monetary losses. Each department within an organization is susceptible to fraudulent activity. However, some departments are more vulnerable than others.
A Big Problem
The Association of Certified Fraud Examiners estimates revenues lost in 2002 to occupational fraud and abuse will total approximately 6% of corporate revenues. If applied to the U.S. Gross Domestic Product, this translates into: • • Losses of $600 billion $4,500 of lost revenue per employee Over half of the 663 cases studied caused losses of over $100,000. Approximately one of every six resulted in losses which exceeded $1 million.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Interesting Facts
The median length of time from inception to detection for occupational frauds was 18 months.
• Expense Reimbursement and Check Tampering schemes lasted approximately 24 months.
• Billing Schemes last approximately 23 months.
A Manager or Executive was the perpetrator of fraudulent activity over 40% of the time. • The median cost of frauds perpetrated by managers or executives was $250,000.
• The median cost of frauds perpetrated by employees was $70,000.
• Employee & Manager collusion yielded a median cost of $500,000.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Interesting Facts
Males are responsible for committing 53.5% of fraud at a median cost of $200,000. The median cost of fraud perpetrated by females is $60,000.
Employees, Managers, Executives, etc. are most likely to commit their fraud between the ages 41-50. The most costly fraud activities are performed by people over 60 years old. The median cost is $500,000.
A typical fraud perpetrator is a first-time offender. Only 7% of those studied were known to have prior convictions for fraud-related offenses.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Interesting Facts
Employees with a high school education or less are perpetrators of fraud over 55% of the time at a median cost of $70,000.
Those with a bachelor degree are next, accounting for over 30% (and a median cost of $243,000). Two out of every three fraud schemes are performed by individuals acting alone at an average cost of $67,000. Fraudulent activities performed by two or more people cost approximately $450,000.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Types of Fraud
“Asset Misappropriation” describes any act involving the misuse of a company asset for personal gain. Fraudulent disbursement schemes and receipts manipulation are both exposures that must be addressed.
Examples include: • Billing schemes • • Fraudulent expense reimbursements Payroll fraud © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Billing Schemes
Billing schemes occur when an employee submits a false invoice or alters an existing one, thus causing the company to willingly (but unknowingly) issue a check for false expenses.
Billing schemes are popular because: • They do not involve the direct theft of cash or checks from the company.
• The check received is valid because it passed through the disbursement cycle.
• They are the most costly of all asset misappropriations, which means significant rewards for fraudster.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Billing Schemes
Billing schemes are accomplished in three ways: • Invoicing via Shell Companies An employee will create a fictitious company for the sole purpose of committing fraud.
Invoices are sent to the victim company, requesting payment to the shell company.
• The fraud perpetrator receives the check.
Invoicing via Non-accomplice Vendors Such vendors are used for “Pay and Return” schemes.
• An employee will intentionally pay a legitimate invoice twice. He/she will then contact the vendor and request one of the checks be returned. It is then intercepted and converted.
Personal Purchases with Company Funds After making a personal purchase, an employee will submit an unauthorized invoice to the Accounts Payable Department. By making it appear the item was purchased for the company, the fraudster is attempting to have his/her personal expense paid.
The invoice submitted by the employee is not legitimate and therefore must appear professional to avoid scrutiny.
Supporting documentation, such as purchase requisitions, are also forged to suggest the invoice is valid.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Billing Schemes
How can billing schemes be prevented?
• Prior to authorizing payment, invoices should be checked for validity of the vendor, validity of the goods or services invoiced, accuracy, and authenticity.
• Prior to processing payment, invoices should be checked for proper authorization, accuracy and authenticity. This will prevent overpayment, as well as payments being made to fictitious vendors.
• Strictly control access to vendor master data.
How can check tampering potentially be detected through data analysis?
• Vendor-level expenditures analysis • Benford analysis • Duplicates analysis • Vendor master data analysis © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent Expense Reimbursements
Expense reimbursement schemes occur when an employee submits false expenses in the hope of being reimbursed by the company. They are similar to payroll schemes in that the documentation provided causes the organization to unknowingly disburse funds to the fraudster.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent Expense Reimbursements
Expense reimbursement schemes can be accomplished using the following tactics:
• Mischaracterized Expenses An employee will request payment of a personal expense by claiming it was “business related”.
• • Overstated Expenses An employee will overstate the cost of actual business expenses through altered receipts.
Fictitious Expenses Employees will manufacture receipts, often by acquiring blank receipts from a vendor.
• Multiple Reimbursements An employee will seek reimbursement for the same expense several times by submitting various types of support for the same expense, usually during different pay periods.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent Expense Reimbursements
How can fraudulent expense reimbursements be prevented?
• Expenses should be reimbursed only if an original receipt has been submitted as support.
• Receipts should be scrutinized to detect alterations or forgeries.
• Other means of proving incurred expenses, such as airline itineraries, credit card statements, etc. should not be accepted unless approved by a supervisor.
• All expense reimbursements should be reviewed and immediately processed upon approval. This would prevent “approved” expenses from being altered prior to payment.
• Use a specific credit card for all business expenses. Receive this information electronically from credit card company and require electronic filing of expense reports by employees. This will minimize the possibility of fraud, and if fraud is occurring, will provide an easier means to identify it.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Fraudulent Expense Reimbursements
How can fraudulent expense reimbursements potentially be detected through data analysis?
• Use a specific credit card for all business expenses. Receive this information electronically from credit card company and require electronic filing of expense reports by employees. Reconcile the two data sets.
• • Duplicates analysis.
Benford analysis.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Payroll Fraud
Payroll schemes occur when an employee submits false documentation (i.e. timecards) in an effort to inflate his/her wages/salary. Such documentation prompts the organization to unknowingly disburse funds to the perpetrator.
Possible ways in which Payroll Fraud can occur: • Falsified Hours and Salary • Ghost Employees © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Payroll Fraud
How can payroll fraud be prevented? • All timecards should be reviewed for validity and accuracy.
• Once submitted for approval, employees should never see their timecard again. This will prevent them from altering their hours after the card has been “approved” for payment.
• • Overtime hours must be authorized by a supervisor.
If employees use a time clock to “punch in” and “punch out”, they must do so when they arrive for work, take breaks, go to lunch, leave for the day, etc. This will provide the most accurate portrayal of time worked, as opposed to someone forgetting to use the clock and then inflating their hours because they were forced to estimate.
• Monitor employees to assure one employee is not punching out for another.
• Strictly control access to payroll master data.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Payroll Fraud
How can payroll fraud be detected through data analysis? • Review personnel files for duplicate addresses, P.O. boxes, or social security numbers. Duplicate information may suggest “ghost” employees are on the payroll.
• Perform an employee-level hours analysis, comparing employees’ hours with peers in their departments.
© Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Financial Statement Assertions Assertion
Validity/ Existence
Description
The asset / liability exists and can be traced to source documentation Completeness Transactions / assets / liabilities that SHOULD be in the financial statements ARE Recording / Cut off Each asset / liability is recorded at an appropriate carrying value Valuation Presentation & Disclosure The entity has rights to an asset at a given date a liability is an obligation at a given date Financial statement components are properly classified and described © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Sales and Receivables
DQI Procedures
Summarize sales activity over the testing period and reconcile to the GL, identify unusual transactions around cut-off date Recalculate aging for 100% of A/R Calculate historical collection percentage and write-offs to confirm management estimates Compare open A/R by customer to the credit limit in the Customer Master Compare pricing in the invoice file to approved price list √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Sales and Receivables (cont’d)
DQI Procedures
Identify invoices without an associated shipment and shipments without an invoice Compare invoice dates to shipment dates √ √ Identify sales to customers not in the Customer Master file, inactive, without a credit limit, infrequent buyers Identify returns more than xx days from date of sale √ √ √ √ Identify sales to customers at a discount rate greater than xx% of the average product price for the period under review Identify gaps in invoice sequence, duplicates √ √ Extract all credit balances in A/R to ensure correctly classified √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
√ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
Balance: Payables
DQI Procedures
Recreate A/P aging and generate customized reports (by different time buckets, customer, etc.) Match the A/P open billed & unbilled to subsequent disbursements file by period to identify open, unpaid invoices Compare invoice and purchase order amounts and dates Identify invoices posted with duplicate purchase order numbers √ √ √ √ √ √ √ √ √ √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Balance: Payables (cont’d)
DQI Procedures
Create a sample of debit disbursements for validity testing and summarize by period to identify unusual year-end fluctuations Identify vendor profiles with missing information, obsolete vendors and duplicate/similar vendors √ Identify payments recorded for goods not received and identify goods received and not recorded √ √ Identify payments to unapproved vendors and duplicate payments √ Identify payments approved by same individual who approved the purchase order Perform gap testing on check numbers in the disbursements file to identify missing checks or checks out of sequence √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Fixed Assets
DQI Procedures
Recalculate depreciation expense and accumulated depreciation for 100% of the assets in the Fixed Assets Master file and reconcile Identify over-depreciated assets (net book value less than zero) Identify assets without an associated useful life and without a registered location Identify assets being depreciated over inappropriate useful lives based on asset class √ √ √ √ √ √ √ √ √ √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Fixed Assets (cont’d)
DQI Procedures
Perform a keyword search on the asset description to identify assets that potentially should be expensed rather than capitalized Compare current year fixed asset data to prior year data, noting changes in key data elements such as acquisition cost, in-service date, residual value, and useful life.
Perform CMA sample on Fixed Assets for physical inspection Identify duplicate assets by tag, serial/part number or description Summarize assets by category and depreciation rate √ √ √ √ √ √ √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Payroll
DQI Procedures
Identify duplicate, missing and terminated employees in the payroll master file and match to any payments Identify employees receiving payments after termination date Identify salaried employees receiving pay amounts above a predetermined threshold Identify hourly employees with submitted hours above a predetermined weekly threshold √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Payroll (cont’d)
DQI Procedures
Identify rates of pay for hourly employees above a predetermined rate Reconcile and perform a CMA on payroll suspense accounts to ensure appropriately classified Identify employees who have not taken time off from work or have taken minimal time off per HR Master file Identify paychecks that have excessive, even or round numbers Identify paychecks not conforming to Benford’s law on gross pay or net pay, bonuses or commissions √ √ √ √ √ √ √ √ √ √ √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Inventory
DQI Procedures
Reconcile inventory and perform a CMA sample for test counts Identify duplicate inventory items Recalculate extended cost for 100% of inventory Summarize purchases by month and assess whether unusual fluctuations exist at year-end √ √ √ √ √ √ √ √ √ √ √ © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Account Balance: Inventory (cont’d)
DQI Procedures
Identify inventory items with negative or zero cost, price or quantity Identify excess and obsolete inventory items Identify inventory items with a cost greater than the retail/selling price Identify inventory items with a low profit margin based on predetermined threshold Summarize inventory by product group/class and stratify by last delivery and last cyclical count Identify inventory items without a recorded location © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
√ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
Case Study 1
Overview
You work for a mid-size manufacturing company. Due to recent economic conditions, you have been charged with tightening spend and identifying potential cost recoveries within the purchase-to pay cycle. Identify, as a group, what areas you would focus this review on, what procedures you will perform, and what results you hope to obtain. 62 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
Case Study 2
Overview
During a recent audit, it was determined that a terminated employee had been receiving full pay and benefits, along with his wife, 3 children, and mother. The employee had been terminated 9 months when this finding was identified. As a group and using data analysis, what could have been done to identify this and what can be done to identify all instances of these occurrences and prevent these in the future? 63 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.
64 © Copyright 2008, Deloitte & Touche LLP. Proprietary & Confidential, All Rights Reserved.