Upload
gervase-lawson
View
215
Download
2
Tags:
Embed Size (px)
Citation preview
The Center for Audit Quality
Leveraging Technology to Provide More
Frequent and Standardized Forensic
Analysis
Christopher Rossie
Oversight Systems, Inc.
16 June 2007
2
Agenda
The “Expectations Gap”
The Center for Audit Quality (CAQ)
Fraud Task Force Actions
State of the Art Implementations
Questions
3
The Global Auditors’ Perspective
Global Public Policy Symposium– Paris, November 7-8, 2006– Driven by the six largest international firms
• BDO• Deloitte• Ernst & Young• Grant Thornton• KPMG• PricewaterhouseCoopers
Key Barriers– “Expectations Gap” relating to fraud and the ability of auditors
to uncover it at a reasonable cost– The need to develop talent and expertise to deliver consistent,
high-quality services– Legal and regulatory impediments adversely affecting clients
and auditors
4
The “Expectations Gap”
“Allegations of fraud are central in the ongoing lawsuits
brought by investors against individuals and companies, as
well as against audit networks for alleged failures to
uncover them”
“…there is a significant “expectations gap” between
what various stakeholders believe auditors do or should
do in detecting fraud, and what audit networks are actually
capable of doing, at the prices that companies or investors
are willing to pay for audits”
“But there are limits to what auditors can reasonably
uncover, given the limits inherent in today’s audits.”
5
The “Expectations Gap”
“…the ‘expectations gap’ arises because many investors, policy makers and the media believe that the auditor’s main function is to detect all fraud, and thus, where it materializes and auditors have failed to find it, the auditors are often presumed to be at fault.”
“Given the inherent limitations of any outside party to discover the presence of fraud, the restrictions governing the methods auditors are allowed to use, and the cost constraints of the audit itself, this presumption is not aligned with the current auditing standards.”
“What is sorely needed is a constructive dialogue among investors, other company stakeholders, policy makers and our own professionals about what should be done to close or at least narrow the ‘expectations gap’ relating to fraud.”
6
Audit Firm CEO Proposals
Subject All Public Companies to a Forensic Audit on a
Regular Basis
Subject All Public Companies to a Forensic Audit on a
Random Basis
Other “Choice-Based” Options
7
The Center for Audit Quality
Announced January 31, 2007
AICPA joined by BDO, Crowe Chizek, Deloitte, Ernst &
Young, Grant Thornton, KPMG, RSM McGladrey, and
PricewaterhouseCoopers
Successor to Center for Public Company Audit Firms
(CPCAF)
Fraud Task Force– Narrowing the expectation gap between investors
understanding of auditors’ responsibility for detecting fraud and that outlined by current rules and standards
– Work together as a profession to better detect fraud– Proactively work with and make recommendations to the Public
Company Accounting Oversight Board (PCAOB)
8
Fraud Task Force Actions
Improving fraud detection capabilities through the use of
forensic specialists and technology/tools
Manual Journal Entry Analysis – Extracting and mapping data is challenging– LOE is high for auditors and clients
Current State– Burden is on the auditor not the client– Not part of Clients’ Routine Process– Clients often don’t validate submissions– Lack of Client incentive and expertise– Data usually needs to be manipulated (e.g. develop unique JE
identifiers)– Labor intensive (not automated)– Cross Border Privacy– Multiple client systems & ERP vendors
9
Current State
Client DataEnvironments
(examples)
Misc.Flat Files
MainframeTapes
(VSAM)
RelationalDatabase Systems
Data Acquisition and Preparation(required for each data review)
The Presentation Area(ADW/Analytics)
The Back Room (Data Collection) The Front Room (Data Analysis)
Mapping toClient-specific File
Audit FirmAnalytics
• Browsing and Analysis• Standard Reports• Ad hoc Queries & Reports• Dashboards• Workflow
Audit Firm Users
One-off ManuallyGenerated Files
Audit Firm Tools
Manual Processes
Auditor datarequests
Finance requests fromIT
IT schedulesextract
File sent toauditor
Auditor reviewsformat & checks content
Finance validates data
Data Problems
Data Valid
10
CAQ Fraud Task Force Solution
Common Data Model for GL– Pre-defined format for all GL data– Independent of ERP systems’ formats– Focused on key requirements for evaluating journal entries– Multiple contributors
• XBRL-GL• PricewaterhouseCoopers Center for Advanced Research• Oversight System Financial Accounting and Reporting ontology• Input from Deloitte, E&Y, and KPMG
Firm-specific Analytics– Each firm has advanced analytics in use– Various software platforms are available to supplement firms’
tools– 80% of time requirement is in extraction and mapping– CDM-GL and software community involvement should positively
impact this– Wide-spread application is anticipated before 2010
11
Organize and Store Data in a Business View
Source System Data Model(s) Business Entity Model
Common Data Model
12
Common Data Model Extraction and Analysis
Source Extract StageMap &
Augment EntitiesFraud
Analytics ResultsUI &
ReportsExtract
ClientProduction
SystemExtraction and Mapping Analysis and Reporting
13
CAQ Forensic-in-the-Audit
Target AuditSystems
(examples)
Misc.Flat Files
MainframeTapes
(VSAM)
RelationalDatabase Systems
The Staging Area(CDM/OXM)
OpenSourceeXtractor/Mapper
(OXM)
Common DataModels(CDM)
eXtractor-Data access-Retrieval-Format -Dimensions
Mapper-Conversion- Keys-Integrity-Revisions-Delivery
Dimensional Tables Ready for Delivery
The Presentation Area(ADW/Analytics)
The Back Room (Data Management) The Front Room (Data Access)
Audit DataWarehouse
Analytics
• Browsing and Analysis• Standard Reports• Ad hoc Queries & Reports• Dashboards•Workflow
Audit and User Community
Open Source
ProprietarySoftware Vendor or Auditor
14
CAQ Model Benefits
Greatly improves audit effectiveness
Addresses multi-platform issues
Automates the validation and completeness testing process
Reduces the client data acquisition burden
Great example of transaction monitoring for audit, albeit only
at a frequency of quarterly
Companies have the opportunity to use the same extraction
and mapping process to build their own audit data
warehouses (ADW) and analyze their own general ledger
activities
Sub ledger common data models using the same approach
can be leveraged for broader auditing and monitoring
purposes
15
State-of-the-art Continuous Transaction Monitoring
Audit Data Warehouse
Exception Database
Continuous Auditing/Monitoring Data Management Real-Time Risk Management
OperationalSource
Systems
Audit DataWarehouse
IntelligentWorkflow
AI-BasedAnalytics
IT &Security
Logs
CustomApps
Other Systems
Re-usableAnalytics
Operations Risks
Compliance Risks
Control Risks
• Secure• Complete
transaction and workflow history
• Trusted “work of others”
Material Risk
Email Alerts
High Risk Control Reports
ComplianceReports
Full TransactionDetail
Audit Management Dashboard
Control Objective Weakness Workflow
Vendor
VendorVen.
Supplier
RDBMS – Flat FileMainframe - LDAP
Correction Validation
Data Acquisition and Mapping
16
Management Dashboard Views
Oversight Systems, Inc.3625 Cumberland Blvd.Suite 350Atlanta, Georgia 30339www.oversightsystems.com
Chris RossieVP, Business [email protected] 984 4609
Thank you