Audit Trends & Framework for Improved Financial Reporting. Data Quality, Integrity, and Reliability

Size: px
Start display at page:

Download "Audit Trends & Framework for Improved Financial Reporting. Data Quality, Integrity, and Reliability"

Transcription

1 Audit Trends & Framework for Improved Financial Reporting Data Quality, Integrity, and Reliability

2 Agenda Audit Readiness vs. Audit The Complexity of the DoD Environment The Role of Analytics Factors Contributing to Transaction Volume Size Solutions: Short-Term Solutions: Long-Term Enabling Tools Page 2

3 Audit Readiness vs. Audits Audit Readiness Focuses on controls and business process improvements The Challenge The tracing of data during audits is challenging in the DoD environment due to the complexity of the business process and systems environment Audits Focuses on data and tracing that data from the financial statement to the transaction to the supporting business process Page 3

4 The Complexity of the DoD Environment Designed to give employees maximum flexibility to accomplish their mission... while good for the warfighter, not conducive for accurate accounting Page 4

5 Billions The Complexity of the DoD Environment (cont.) This complexity creates far more transactional data in general ledgers and financial reporting systems than what would be expected for budgets Total Operational General Ledger Activity Activity $250 $4,500 $4,000 $200 $3,500 $3,000 $150 $2,500 $2,000 $100 $1,500 $1,000 $50 $500 $- $- Apple Army Exxon In comparison to other organizations with similar spending Notional Example things are more difficult for the Army because the department processes transactions (the same data) multiple times Page 5

6 The Role of Analytics on Audit Procedures Audits are dependent on analytical procedures, such as: Searching for abnormal balances and transactions Review Identifying outlier transactions that present greater risk of misstatement Identify Clean Up Organizations need to analyze their own financial data and clean up issues before audits begin Page 6

7 Size of Transaction Volume: Contributing Factors General Ledgers Multiple General Ledgers and associated consolidation issues related to data standard Undefined system logic for posting to general ledger accounts Lack of configuration control over changes to system logic Page 7

8 Size of Transaction Volume: Contributing Factors (cont.) Multiple Feeder Systems Without Reliable Interface Controls or Reconciliations Billions in suspense transactions? Lack of documentation linking accounting treatment to the business event Page 8

9 Size of Transaction Volume: Contributing Factors (cont.) Volume of Irregular Transactions Will not get an opinion on the validity of the balances if the organization cannot explain huge volumes of transactions in the ledgers Page 9

10 Solutions: Short-Term Improve financial reporting information by: Conduct substantive reconciliations for UoT completeness Reconciliations Documentation & Training Configure & Control Page 10

11 Enabling Tools for Solutions: Financial Data Repository and Visualization (conceptual view) Complete Financial System Sources ERP Environments Import, validate, consolidate, standardize & link Load and Organize Trusted Audit Analysis Data Layer GFEBS GCSS-A STANFINS SOMARDS CEFMS LMP Query & Explore Reconcile, search, group, filter, join, aggregate, categorize and extract data from multiple sources Reconcile, Analyze and Act Visualize Standard and Ad Hoc Reports and Dashboards Published Interactive Advanced Analytics Advanced statistical and computational techniques to identify anomalies & discrepancy Feeder Systems Source 1 Source Workflow Assign roles, review, route and act Page 11

12 Enabling Tools for Solutions: Financial Data Repository and Visualization (sample dashboards) Page 12

13 Solutions: Short-Term Improve financial reporting information by: Conduct substantive reconciliations for UoT completeness Document business events and associated posting logic Reconciliations Document proper journal voucher procedure and provide proper training to employees Design and implement effective configuration and access controls Document management and retrieval Configure & Control Documentation & Training Page 13

14 Solutions: Long-Term Improve financial reporting information by: Reducing to fewer general ledgers with associated standard data consistency Standardize a comprehensive and consistent business process and procedure for proper execution of day to day business event Monitor JVs execution Maximize ERPs capabilities and eliminate legacy feeder systems Design and implement monitoring process for mitigating inconsistency Page 14

15 Governance, Risk and Compliance Overview GRC is not a tool, but a complete solution set 1. Optimize risk, compliance and Control structure SOD Business Rule Definitions Configurable controls Data 2. Connect data source 2. Tie monitoring components to GRC module elements 3. Connect data source SAP Legacy JDE 6. Refine rules and tailor business processes Process optimization Configuration management User provisioning GRC Tool 4. Receive/validate control Notifications 5. Report and resolve Routing BU IA CFO BU IA IT Remediation plan Issue: Action: Owner: Open Close Pending Requires action Exception repository CFO IT Further trending and data analysis Rationalize expectations Page 15 Integrated dashboard

16 SAP GRC overview Components of SAP GRC Access Control Functionality Access Risk Analysis (ARA) Maintain SOD and critical access compliance across SAP systems Access Request Management (ARM) Automate workflow to manage approval and access provisioning and enforce mandatory SOD checks SAP GRC Risk Management (RM) Holistic risk visibility, risk intelligence through dashboards, key risk indicators Access Control (AC) Segregation of duties, critical and emergency access management, compliant access provisioning Process Control (PC) Central controls repository, automated configurable controls testing, real-time exception based reporting Process Control Functionality Planning, Risk and budgeting, Controls Library (R&C) Maintain forecasting, governance over control consolidations library including: Risk, Controls, Organizations, Test Plans Centralized Control Testing (CT) and Automated Monitoring (AM) Provide ability to manage all control testing including: Entity-level, Manual, and Automated testing Centralized Issue and remediation Emergency Access Management (EAM) Provide temporary emergency access with detailed audit trial Business Role Management (BRM) Enforce compliance during role design and automate role generation Fraud Management Global Trade Services Nota Fiscal Audit Management Environment, Health and Safety Sustainability Reporting Centralizes control reporting across regulations including Analytic Dashboards, Controls reporting, and Test Management Policy Management and Surveys - Central Master data policy repository and version management, control surveys, data integration Page 16

17 Questions Page 17