7th - Houston IIA Conference. Optimizing Analytics. Presented by Philip Billeaud

1 7th - Houston IIA Conference. Optimizing Analytics. Presented by Philip Billeaud

2 REVIEW NOTES FOR KEITH KAHL - THIS SLIDE TO BE EXCLUDED FROM PRESENTATION
Break Out Session: 9:50-11:00, 70 minutes
Noted below are the opening comments before beginning with the outline slide.
Opening Questions/Statements
- How do I create or optimize my DA function?
- How do I sell the new approach to management, board or business units?
- How do I kick-start my initiative or improve my existing function?
Audience Questions
- How do you define DA in your group?
- Who has DA function/routines/processes?
- How do you sell to management?
Introduction will discuss the following
- Audit paradigm has changed from a sample approach to a comprehensive risk review
- Scope: Internal Audit perspective
- Presentation focused on fraud & compliance using structured + semi-structured data
- Focus on optimizing the analytics function within an IA department
- The goal is not to provide a laundry list of routines or plug & play scripts
- The goal is to discuss challenges and how to overcome them, going from the new buzzword to actual results
- The presentation will focus on the optimization and finish with risk universe examples
Excludes
- Business or operational analytics, IT compliance areas such as DLP and internet monitoring & unstructured data (phone calls/security cameras)
- Predictive analytics

3 Outline
- Introduction
- People, processes & tools
- Establishing expectations with stakeholders
- First steps & incremental improvements
- Stand-alone data analytic audits
- Integration into regular audits
- Communicating results
- Challenges to optimization
lyondellbasell.com

4 Introduction
LyondellBasell Internal Audit Department
- 34 members: 21 Houston, 11 Rotterdam, 1 Frankfurt, 1 London
- 5 allocated to Data Analytics function
Diagram labels (as transcribed): Data Analytics Business & Functional Audits IT SOx Contract Recovery Event Monitoring Mgmt Requests Compliance Support IA Resources

5 People, Processes & Tools
People
- Determine skill sets [Acct/Finance or IT]
Processes
- Define new audit methodology/standards
- Define new risk universe
Tools
- Rationalize tools
- Excel/Access > ACL/IDEA > SQL/HANA > Tableau

6 Establishing Expectations with Stakeholders
Audit Committee, Leadership Team & Auditees
- Explain data analytics vs. traditional auditing
- Understand Continuous vs. Event Monitoring
- Tie analytics to key company policies:
  - Code of Conduct
  - Delegations of Authority
  - Travel
- Partner with HR & Legal
- Establish tests/analytics with your clients
- Define ownership of new processes

7 First Steps & Incremental Improvements
Define your Data Analytics Risk Universe
Financial, operational, compliance, HSE
Utilize ACFE, IA and professional memberships
Map out Data Universe
Create your primary data cubes
- Pcard
- A/P
- Manual JEs
- T&E
- A/R
Create anonymous Internal Audit box
Monitor and track successes
Increase # / sophistication of scripts

8 Data Analytics Risk Universe Examples

| Area | Test | Test Description | Risk Type | Control Type |
|---|---|---|---|---|
| A/P | Duplicate Payments | Identify duplicate payments to vendors | 3rd Party | D |
| IT | Accounts Disabled | Terminated employees no longer have access to LYB Systems | Info Security | D |
| Payroll | Payments After Termination Date | Identify employees receiving a payment while in a terminated status | HR | D |
| Pcard | Gift Cards | Identify gift card purchases | HR/Tax | D |
| Proc | PO Approval | Identify reqs and POs made by the same requester and approver | Procure | P |
| T&E | Fuel Expense No Car Rental | Identify employees who submit a fuel expense but did not submit a car rental | HR | P |
| Vendor | Employee & Vendor Master Match | Ensure vendor registrants do not match the employee master file [conflict of interests] | Fraud | D |

D = detective, P = preventative
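Five of the tests in the risk universe table, written out as an added example (not code from the presentation). The record layouts, field names and sample data are constructed, and matching vendors to employees on bank account number is an assumption, since the slide does not name the match key.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample data (hypothetical field layouts, not from the slides).
EMPLOYEES = {
    "E1": {"bank": "111", "terminated": None},
    "E2": {"bank": "222", "terminated": date(2024, 3, 31)},
}
ACCOUNTS = [("E1", True), ("E2", True)]            # (employee, account enabled?)
PAYROLL = [("E1", date(2024, 4, 30)), ("E2", date(2024, 3, 29)),
           ("E2", date(2024, 4, 30))]              # (employee, pay date)
VENDORS = {"V1": "999", "V2": "222"}               # vendor -> bank account
AP = [("P1", "V1", "INV-100", 1200.0), ("P2", "V1", "inv100", 1200.0),
      ("P3", "V2", "77", 300.0)]                   # (doc, vendor, invoice, amount)
POS = [("PO1", "E1", "E2"), ("PO2", "E2", "E2")]   # (po, requester, approver)

def duplicate_payments(ap):
    """A/P: same vendor, amount and invoice number after normalisation."""
    groups = defaultdict(list)
    for doc, vendor, invoice, amount in ap:
        # Strip punctuation and case so "INV-100" and "inv100" collide.
        key = (vendor, re.sub(r"[^A-Z0-9]", "", invoice.upper()), round(amount, 2))
        groups[key].append(doc)
    return [docs for docs in groups.values() if len(docs) > 1]

def payments_after_termination(payroll, employees):
    """Payroll: pay date later than the employee's termination date."""
    return [(e, d) for e, d in payroll
            if employees[e]["terminated"] and d > employees[e]["terminated"]]

def enabled_after_termination(accounts, employees, as_of):
    """IT: account still enabled although the owner was terminated."""
    return [e for e, enabled in accounts
            if enabled and employees[e]["terminated"]
            and employees[e]["terminated"] < as_of]

def self_approved_pos(pos):
    """Procurement: requester and approver are the same person."""
    return [po for po, requester, approver in pos if requester == approver]

def employee_vendor_matches(employees, vendors):
    """Vendor master: vendor bank account equals an employee's (assumed key)."""
    by_bank = {rec["bank"]: emp for emp, rec in employees.items()}
    return [(v, by_bank[b]) for v, b in vendors.items() if b in by_bank]
```

Each function returns the exceptions for an auditor to follow up; a hit is a lead to review, not a finding.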

9 Data Universe Map Example
Diagram labels (as transcribed): ERP 1 ERP 2 Data Analysis Tool Audit Analyses Pcard T&E 3rd Party Site Access Bank Trans
- Define owners
- Define frequency
- Reconcile monthly

10 Stand-Alone Data Analytic Audits
Code of Conduct Audits
- Pcard > merge with T&E records
- T&E > merge with travel provider data
- Conflict of interest [vendor employee matches]
Provisioning Audits
- IT / HR / Payroll
- Security site access
Benefits
- Parking/per diems
- Insurance dependents

11 Integration into regular audits
- One size does not fit all
- Determine during annual planning phase
- Stratify data
- Outliers
- Benford's analysis
- Limit role to risk review
- Bunny trail risk
- False positive black hole

12 Communicating Results
- One/two page reports with dashboards
- Rate or not rate report?
- Document records reviewed *
- Document tests performed *
* examples

13 Challenges
- Staff approach [entire group or designated team/person]
- Scoping [top down approach vs. control testing]
- Consistency of approach
- Access to data
- Quality of data
- False positives
- Reporting results

14 Questions