ACL Solutions for Continuous Auditing and Monitoring John Verver CA, CISA, CMC Vice President, Professional Services & Product Strategy ACL Services Ltd

ACL Solutions for Continuous Auditing and Monitoring

John Verver CA, CISA, CMCVice President, Professional Services & Product StrategyACL Services Ltd

Copyright © 2008 ACL Services Ltd. 2

ACL Services Ltd.

Continuous Auditing and Monitoring:Where are we? Where are we going?

• ACL has 11,000+ user organizations globally

• 33-40% of organizations consider they perform some form of Continuous Auditing

• Chief Audit Executive surveys indicate Continuous Auditing and Monitoring usage will more than double by 2012


ACL Services Ltd.

Continuous Auditing – ACL’s Experience

• Wide variation in CA approach and techniques

• CA part of a continuum of analytic usage

• Flexibility is key


ACL Services Ltd.

ad hoc repetitive

24 7 365

continuous

Continuum of Audit Analytics

• One-off analysis and testing

• Automated analyses and tests

• Managed and deployed from a central environment

• Continual execution of automated audit and monitoring tests to identify errors, fraud and anomalies on a timely basis


ACL Services Ltd.

Continuous Auditing: Issues to Address

• Data access and management• Quality and control • Sustainability and productivity• People and process


ACL Services Ltd.

ad hoc repetitive

24 7 365

continuous

A MANAGED ANALYTICS PLATFORM for AUDITSecure controlled access to dataConfiguration, automation and scheduling of tests Management of tests, documentation, findings, logs, workflowOne common platform

Enabling the Continuum of Audit Analytics


ACL Services Ltd.

Data Access

Reporting &Presentation

AnalyticLibrary

Query & Analysis

Management& Automation

Management & Automation• Audit repository• User access & rights, data security• Centralized tests and processing• Continuous auditing management• Configuration & management

Query & Analysis• In-depth analysis• Audit-specific commands & scripting• Advanced analytics and predictive modeling• Centralized logging

Data Access• Access, extract, transform, load• Specialized format connectors• Audit data repository

Reporting & Presentation• Templates, charting• Dashboard integration• Report deployment and maintenance

Analytic Library• Packaged analytics, key business

processes


ACL Services Ltd.

Audit Analytics Repository

Data• Data sets for each audit

area• Data dictionaries• Data management & refresh

Findings & Results• Results management• Specific findings• Logs & other documentation

Analytics• Test library• Test documentation• “Best Practices”

documentation

Management & Automation

• Scheduling• Administration

• User access & rights

• Search• Security


ACL Services Ltd.

Populating and Refreshing the Audit Data Repository

• INFORMATICA for ACL AuditExchange o Industry leading technology for ETL (Extract Transform Load)o Connectors for any enterprise data

PowerCenter: Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL

Server, dBase B2B Complex Data Exchange:

PDF, XML, XBRL, Excel PowerExchange

Specialized data formats – HIPPAA etc

• ACL Data Access, including Direct Link for SAP


ACL Services Ltd.

ACL: Continuous Auditing and Continuous Monitoring

• ACL AuditExchange o Enables Best Practices in Audit Analyticso Provides a secure, controlled, well-managed and sustainable environment for the

continuum of Audit Analytics – Ad Hoc through Continuous Auditingo Provides benefits of Audit Analytics to the entire audit team, according to roleso A reliable environment for Continuous Auditing

• ACL Continuous Controls Monitoring o Provides management and audit with insight into control effectivenesso Monitors all transactions throughout business process cycleso Tests against suites of control ruleso Identifies and quantifies exceptions on a timely basis o Supports exception resolution and control remediationo Configuration and management of the monitoring process


ACL Services Ltd.

ACL Continuous Controls Monitoring Technology Framework


ACL Services Ltd.

ACL CCM Product Suite

• Continuous testing of transactions in core business process areas against sets of internal control rules

Purchase to Pay Procurement Card Travel & Entertainment Payroll Order To Cash General Ledger


ACL Services Ltd.

ACL CCM Product Suite

• Browser-based interface:o Manage Continuous Monitoring processo Security and Administrationo Manage test parameterso View, report and manage exceptions


ACL Services Ltd.

ACL CCM Product Suite – Large Enterprise Version

• Advanced capabilities for complex large scale enterprise monitoring • For 10+ control entities:

o Enhanced multi-entity configurationo Enhanced multi-entity parameter managemento Enhanced workflow and remediation


ACL Services Ltd.

• ACL audit analytics used for many years in Siemens entity internal audit organizations

• Siemens Power Generation one of first organizations to implement ACL CCM Purchase to Pay 2004

• 2008 implementation of ACL Continuous Monitoring – Large Enterprise Version for Purchase to Pay systems across entire Siemens enterprise

• Believed to be largest purchase-payment transaction monitoring project in the world

ACL Enterprise Continuous Monitoring at


ACL Services Ltd.

Enterprise Controls Monitoring at Siemens

Scale• All corporate entities (currently 900+)• All Purchase to Pay transactions• Daily with 90 days running history• 27 control tests• 275 different data sources & applications • Average 5GB of source data analyzed per entity• Primary integration environment: analysis of 200GB data for

~400 entities


ACL Services Ltd.

Enterprise Controls Monitoring at Siemens

Exceptions: workflow process• Process managed by entity business owners

o review all exceptionso assign appropriate category

• Unresolved exceptions automatically escalated through multiple CFO levels


ACL Services Ltd.

Questions?

Contact: [email protected]

Documents

ACL Solutions for Continuous Auditing and Monitoring John Verver CA, CISA, CMC Vice President, Professional Services & Product Strategy ACL Services Ltd