The Center for Audit Quality

Leveraging Technology to Provide More

Frequent and Standardized Forensic

Analysis

Christopher Rossie

Oversight Systems, Inc.

16 June 2007

2

Agenda

The “Expectations Gap”

The Center for Audit Quality (CAQ)

Fraud Task Force Actions

State of the Art Implementations

Questions

3

The Global Auditors’ Perspective

Global Public Policy Symposium– Paris, November 7-8, 2006– Driven by the six largest international firms

• BDO• Deloitte• Ernst & Young• Grant Thornton• KPMG• PricewaterhouseCoopers

Key Barriers– “Expectations Gap” relating to fraud and the ability of auditors

to uncover it at a reasonable cost– The need to develop talent and expertise to deliver consistent,

high-quality services– Legal and regulatory impediments adversely affecting clients

and auditors

4

The “Expectations Gap”

“Allegations of fraud are central in the ongoing lawsuits

brought by investors against individuals and companies, as

well as against audit networks for alleged failures to

uncover them”

“…there is a significant “expectations gap” between

what various stakeholders believe auditors do or should

do in detecting fraud, and what audit networks are actually

capable of doing, at the prices that companies or investors

are willing to pay for audits”

“But there are limits to what auditors can reasonably

uncover, given the limits inherent in today’s audits.”

5

The “Expectations Gap”

“…the ‘expectations gap’ arises because many investors, policy makers and the media believe that the auditor’s main function is to detect all fraud, and thus, where it materializes and auditors have failed to find it, the auditors are often presumed to be at fault.”

“Given the inherent limitations of any outside party to discover the presence of fraud, the restrictions governing the methods auditors are allowed to use, and the cost constraints of the audit itself, this presumption is not aligned with the current auditing standards.”

“What is sorely needed is a constructive dialogue among investors, other company stakeholders, policy makers and our own professionals about what should be done to close or at least narrow the ‘expectations gap’ relating to fraud.”

6

Audit Firm CEO Proposals

Subject All Public Companies to a Forensic Audit on a

Regular Basis

Subject All Public Companies to a Forensic Audit on a

Random Basis

Other “Choice-Based” Options

7

The Center for Audit Quality

Announced January 31, 2007

AICPA joined by BDO, Crowe Chizek, Deloitte, Ernst &

Young, Grant Thornton, KPMG, RSM McGladrey, and

PricewaterhouseCoopers

Successor to Center for Public Company Audit Firms

(CPCAF)

Fraud Task Force– Narrowing the expectation gap between investors

understanding of auditors’ responsibility for detecting fraud and that outlined by current rules and standards

– Work together as a profession to better detect fraud– Proactively work with and make recommendations to the Public

Company Accounting Oversight Board (PCAOB)

8

Fraud Task Force Actions

Improving fraud detection capabilities through the use of

forensic specialists and technology/tools

Manual Journal Entry Analysis – Extracting and mapping data is challenging– LOE is high for auditors and clients

Current State– Burden is on the auditor not the client– Not part of Clients’ Routine Process– Clients often don’t validate submissions– Lack of Client incentive and expertise– Data usually needs to be manipulated (e.g. develop unique JE

identifiers)– Labor intensive (not automated)– Cross Border Privacy– Multiple client systems & ERP vendors

9

Current State

Client DataEnvironments

(examples)

Misc.Flat Files

MainframeTapes

(VSAM)

RelationalDatabase Systems

Data Acquisition and Preparation(required for each data review)

The Presentation Area(ADW/Analytics)

The Back Room (Data Collection) The Front Room (Data Analysis)

Mapping toClient-specific File

Audit FirmAnalytics

• Browsing and Analysis• Standard Reports• Ad hoc Queries & Reports• Dashboards• Workflow

Audit Firm Users

One-off ManuallyGenerated Files

Audit Firm Tools

Manual Processes

Auditor datarequests

Finance requests fromIT

IT schedulesextract

File sent toauditor

Auditor reviewsformat & checks content

Finance validates data

Data Problems

Data Valid

10

CAQ Fraud Task Force Solution

Common Data Model for GL– Pre-defined format for all GL data– Independent of ERP systems’ formats– Focused on key requirements for evaluating journal entries– Multiple contributors

• XBRL-GL• PricewaterhouseCoopers Center for Advanced Research• Oversight System Financial Accounting and Reporting ontology• Input from Deloitte, E&Y, and KPMG

Firm-specific Analytics– Each firm has advanced analytics in use– Various software platforms are available to supplement firms’

tools– 80% of time requirement is in extraction and mapping– CDM-GL and software community involvement should positively

impact this– Wide-spread application is anticipated before 2010

11

Organize and Store Data in a Business View

Source System Data Model(s) Business Entity Model

Common Data Model

12

Common Data Model Extraction and Analysis

Source Extract StageMap &

Augment EntitiesFraud

Analytics ResultsUI &

ReportsExtract

ClientProduction

SystemExtraction and Mapping Analysis and Reporting

13

CAQ Forensic-in-the-Audit

Target AuditSystems

(examples)

Misc.Flat Files

MainframeTapes

(VSAM)

RelationalDatabase Systems

The Staging Area(CDM/OXM)

OpenSourceeXtractor/Mapper

(OXM)

Common DataModels(CDM)

eXtractor-Data access-Retrieval-Format -Dimensions

Mapper-Conversion- Keys-Integrity-Revisions-Delivery

Dimensional Tables Ready for Delivery

The Presentation Area(ADW/Analytics)

The Back Room (Data Management) The Front Room (Data Access)

Audit DataWarehouse

Analytics

• Browsing and Analysis• Standard Reports• Ad hoc Queries & Reports• Dashboards•Workflow

Audit and User Community

Open Source

ProprietarySoftware Vendor or Auditor

14

CAQ Model Benefits

Greatly improves audit effectiveness

Addresses multi-platform issues

Automates the validation and completeness testing process

Reduces the client data acquisition burden

Great example of transaction monitoring for audit, albeit only

at a frequency of quarterly

Companies have the opportunity to use the same extraction

and mapping process to build their own audit data

warehouses (ADW) and analyze their own general ledger

activities

Sub ledger common data models using the same approach

can be leveraged for broader auditing and monitoring

purposes

15

State-of-the-art Continuous Transaction Monitoring

Audit Data Warehouse

Exception Database

Continuous Auditing/Monitoring Data Management Real-Time Risk Management

OperationalSource

Systems

Audit DataWarehouse

IntelligentWorkflow

AI-BasedAnalytics

IT &Security

Logs

CustomApps

Other Systems

Re-usableAnalytics

Operations Risks

Compliance Risks

Control Risks

• Secure• Complete

transaction and workflow history

• Trusted “work of others”

Material Risk

Email Alerts

High Risk Control Reports

ComplianceReports

Full TransactionDetail

Audit Management Dashboard

Control Objective Weakness Workflow

Vendor

VendorVen.

Supplier

RDBMS – Flat FileMainframe - LDAP

Correction Validation

Data Acquisition and Mapping

16

Management Dashboard Views

Oversight Systems, Inc.3625 Cumberland Blvd.Suite 350Atlanta, Georgia 30339www.oversightsystems.com

Chris RossieVP, Business Developmentchris.rossie@oversightsystems.com770 984 4609

Thank you