Upload
pierce-cooper
View
222
Download
1
Tags:
Embed Size (px)
Citation preview
ACL Solutions for Continuous Auditing and Monitoring
John Verver CA, CISA, CMCVice President, Professional Services & Product StrategyACL Services Ltd
Copyright © 2008 ACL Services Ltd. 2
ACL Services Ltd.
Continuous Auditing and Monitoring:Where are we? Where are we going?
• ACL has 11,000+ user organizations globally
• 33-40% of organizations consider they perform some form of Continuous Auditing
• Chief Audit Executive surveys indicate Continuous Auditing and Monitoring usage will more than double by 2012
Copyright © 2008 ACL Services Ltd. 3
ACL Services Ltd.
Continuous Auditing – ACL’s Experience
• Wide variation in CA approach and techniques
• CA part of a continuum of analytic usage
• Flexibility is key
Copyright © 2008 ACL Services Ltd. 4
ACL Services Ltd.
ad hoc repetitive
24 7 365
continuous
Continuum of Audit Analytics
• One-off analysis and testing
• Automated analyses and tests
• Managed and deployed from a central environment
• Continual execution of automated audit and monitoring tests to identify errors, fraud and anomalies on a timely basis
Copyright © 2008 ACL Services Ltd. 5
ACL Services Ltd.
Continuous Auditing: Issues to Address
• Data access and management• Quality and control • Sustainability and productivity• People and process
Copyright © 2008 ACL Services Ltd. 6
ACL Services Ltd.
ad hoc repetitive
24 7 365
continuous
A MANAGED ANALYTICS PLATFORM for AUDITSecure controlled access to dataConfiguration, automation and scheduling of tests Management of tests, documentation, findings, logs, workflowOne common platform
Enabling the Continuum of Audit Analytics
Copyright © 2008 ACL Services Ltd. 7
ACL Services Ltd.
Data Access
Reporting &Presentation
AnalyticLibrary
Query & Analysis
Management& Automation
Management & Automation• Audit repository• User access & rights, data security• Centralized tests and processing• Continuous auditing management• Configuration & management
Query & Analysis• In-depth analysis• Audit-specific commands & scripting• Advanced analytics and predictive modeling• Centralized logging
Data Access• Access, extract, transform, load• Specialized format connectors• Audit data repository
Reporting & Presentation• Templates, charting• Dashboard integration• Report deployment and maintenance
Analytic Library• Packaged analytics, key business
processes
Copyright © 2008 ACL Services Ltd. 8
ACL Services Ltd.
Audit Analytics Repository
Data• Data sets for each audit
area• Data dictionaries• Data management & refresh
Findings & Results• Results management• Specific findings• Logs & other documentation
Analytics• Test library• Test documentation• “Best Practices”
documentation
Management & Automation
• Scheduling• Administration
• User access & rights
• Search• Security
Copyright © 2008 ACL Services Ltd. 9
ACL Services Ltd.
Populating and Refreshing the Audit Data Repository
• INFORMATICA for ACL AuditExchange o Industry leading technology for ETL (Extract Transform Load)o Connectors for any enterprise data
PowerCenter: Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL
Server, dBase B2B Complex Data Exchange:
PDF, XML, XBRL, Excel PowerExchange
Specialized data formats – HIPPAA etc
• ACL Data Access, including Direct Link for SAP
Copyright © 2008 ACL Services Ltd. 10
ACL Services Ltd.
ACL: Continuous Auditing and Continuous Monitoring
• ACL AuditExchange o Enables Best Practices in Audit Analyticso Provides a secure, controlled, well-managed and sustainable environment for the
continuum of Audit Analytics – Ad Hoc through Continuous Auditingo Provides benefits of Audit Analytics to the entire audit team, according to roleso A reliable environment for Continuous Auditing
• ACL Continuous Controls Monitoring o Provides management and audit with insight into control effectivenesso Monitors all transactions throughout business process cycleso Tests against suites of control ruleso Identifies and quantifies exceptions on a timely basis o Supports exception resolution and control remediationo Configuration and management of the monitoring process
Copyright © 2008 ACL Services Ltd. 11
ACL Services Ltd.
ACL Continuous Controls Monitoring Technology Framework
Copyright © 2008 ACL Services Ltd. 12
ACL Services Ltd.
ACL CCM Product Suite
• Continuous testing of transactions in core business process areas against sets of internal control rules
Purchase to Pay Procurement Card Travel & Entertainment Payroll Order To Cash General Ledger
Copyright © 2008 ACL Services Ltd. 13
ACL Services Ltd.
ACL CCM Product Suite
• Browser-based interface:o Manage Continuous Monitoring processo Security and Administrationo Manage test parameterso View, report and manage exceptions
Copyright © 2008 ACL Services Ltd. 14
ACL Services Ltd.
ACL CCM Product Suite – Large Enterprise Version
• Advanced capabilities for complex large scale enterprise monitoring • For 10+ control entities:
o Enhanced multi-entity configurationo Enhanced multi-entity parameter managemento Enhanced workflow and remediation
Copyright © 2008 ACL Services Ltd. 15
ACL Services Ltd.
• ACL audit analytics used for many years in Siemens entity internal audit organizations
• Siemens Power Generation one of first organizations to implement ACL CCM Purchase to Pay 2004
• 2008 implementation of ACL Continuous Monitoring – Large Enterprise Version for Purchase to Pay systems across entire Siemens enterprise
• Believed to be largest purchase-payment transaction monitoring project in the world
ACL Enterprise Continuous Monitoring at
Copyright © 2008 ACL Services Ltd. 16
ACL Services Ltd.
Enterprise Controls Monitoring at Siemens
Scale• All corporate entities (currently 900+)• All Purchase to Pay transactions• Daily with 90 days running history• 27 control tests• 275 different data sources & applications • Average 5GB of source data analyzed per entity• Primary integration environment: analysis of 200GB data for
~400 entities
Copyright © 2008 ACL Services Ltd. 17
ACL Services Ltd.
Enterprise Controls Monitoring at Siemens
Exceptions: workflow process• Process managed by entity business owners
o review all exceptionso assign appropriate category
• Unresolved exceptions automatically escalated through multiple CFO levels