Transcript Proposal to Sasol for Data Analytics & Associated Service

Continuous Monitoring as a tool for
Fraud Detection
Anton Bouwer
CQS Technology Holdings
[email protected]
The Market
Agenda
Fraud Detection Defined
Continuous Monitoring Evolved
Data access
Programming
knowledge required
Difficult to identify
analytics
Difficult to
implement analytics
Insight & Detail
Continuous Monitoring – Continuous SAP Monitoring
Summary: Keys to Success
Difficult to
automate
Difficult to manage
Fraud Detection Defined
Fraud is an intentional deception made for personal gain or to damage another
individual; the related adjective is fraudulent.
. Wikipedia – 2011
"… any illegal act characterized by deceit, concealment, or violation of trust. These
acts are not dependent upon the threat of violence or physical force. Frauds are
perpetrated by parties and organizations to obtain money, property, or services; to
avoid payment or loss of services; or to secure personal or business advantage.“
Institute of Internal Auditors’ International Professional Practices Framework
(IPPF)
Data analysis technology enables auditors and fraud examiners to analyze an
organization’s business data to gain insight into how well internal controls are
operating and to identify transactions that indicate fraudulent activity or the
heightened risk of fraud. Data analysis can be applied to just about anywhere in an
organization where electronic transactions are recorded and stored.
ACL - 2011
IPPF Standards
The International Professional Practices Framework (IPPF) contains the
following Standards on fraud and internal audit’s role:
1200 – Proficiency and Due Professional Care
1220 – Due Professional Care
2060 – Reporting to Senior Management and the Board
2120 – Risk Management
2210 – Engagement Objectives
Continuous Monitoring Evolved
Data access
Programming
knowledge
required
Difficult to
identify
analytics
Difficult to
implement
analytics
Difficult to
automate
Difficult to
manage
Assumption: Any data table can be accessed.
Types of data access methodologies
ODBC
SAP Direct Link
Kiss
Obtain user ID
Get IT on your
side
Report files &
PDF
XML; XBRL
AX Datasource
Delimited; DBF
GOOGLE!!!
Maximum 10
tables! (Not 35k)
Establish environment
Scrutinise data
tables
Create data
dictionaries
Just do it
Import as often as possible. Each
attempt gets easier.
Practice makes perfect
FACT: ALL FILES CAN BE
ACCESSED!
Software Solutions for Financial Integrity and Control
Fable: Programming knowledge required
Software Solutions for Financial Integrity and Control
Software Solutions for Financial Integrity and Control
Fable: Difficult to identify forensic analytics
Types of Analytics in all areas
•SoD
•Adherence to control objectives
•Accuracy
•Completeness (over & under)
•Data Quality
•Industry specific
Software Solutions for
Financial Integrity and
Control
Don’t
complicate
matters!!
Keep it Simple: Can you explain your findings?
Analytic Repositories
Fable: Difficult to implement, automate & maintain
Apply proven
analytics
ER
P
Exceptions distributed via
web-based viewer
Centralized Investigation
Management
ACL
• Engagement & Content Management
• Automation
• Analytic Processing
Manage All Types of Forensic
Content
Enterprise
Data
Data
Analytics
SQL
D/B Interface
Connections
from AX Core
ACL Specialist
Crystal
Reports
Excel
PDF
Projects
Results
Audio
Word
PowerPoi
nt
Forensic Investigators
Business
Stakeholders
Case Study
Continuous SAP Fraud Detection
Client Environment & Requirements
•
•
•
•
SAP in different countries
Needed standardised analytics for all investigators
Automated data downloads to central repository
Exception management through workflow
Solution – ACL SAP ACLelerator
Software Solutions for Financial Integrity and Control
Data Repository
• AX Link download of SAP tables
Encrypted
and
compressed
ER
P
ER
P
ER
P
ER
P
ER
P
ER
P
ER
P
Download
from 6
countries
AX server in
SA and
Europe
Software Solutions for Financial Integrity and Control
Schedule data
downloads
and SAP
accelerator
Software Solutions for Financial Integrity and Control
Email forensic
investigator
when
exceptions are
ready for
review
Email
management
link to findings
Software Solutions for Financial Integrity and Control
Software Solutions for Financial Integrity and Control
Continuous Monitoring Final Solution:
Frontend
Used by:
Forensic
Investigators
Internal Audit
External Audit
Management
Running Ad-Hoc Investigations
•
•
•
•
•
Running any Analytic on Request
Running Analytics with parameters
View results
Filter source data
Download results
Benefits
• Data available to entire forensic team
• Data accuracy and analytic quality assured +
standardised
• Forensic skills applied on exceptions, not samples
• Business knowledge & understanding increased
• Same data used by forensic team, internal audit,
external audit and management
• Duplicated payments identified before payment
takes place
• Exceptions management enforced through
workflow
ACLerator
Business Integrity, Insight
and Beyond
•
•
•
•
Conclusion
Continuous monitoring is a reality. No fable.
Forensic skills needed; in fact required for CM to succeed
Data access – No mystery; only commitment needed.
Which analytics to include? Large repositories exist, simple
framework
• High levels of programming skills required to start? No; cut, paste &
map will do.
• Technology exist. Much lower investment required than before
• FACT: In 5 years very few forensic departments will function
without continuous monitoring.
Questions at Stand 14