Continuous Auditing. Human Action Metrics. By Santos Monroy April 2, 2009


1 Continuous Auditing Human Action Metrics By Santos Monroy

2 Continuous Auditing: Human Action Metrics. Sample Transaction Audit Process Improvement; Continuous Auditing (CA); Interdependent Partnership; Achieving CA Human Action Metrics (3 Steps); 5 Key Steps in Continuous Auditing; What CA: Human Action Metrics do for me?; Useful Reports and Added Value; Why CA: Human Action Metrics?; Current Audit Process; Current Audit Process vs. CA Process; Continuous Audit Process; Sample CA Dashboard Report AP; GRC vs. CA; Software Tools; Questions

3 Sample Transaction Audit Process Improvement Simple Audit Program Authorization Clerk Expiration Date Date Client Signature Client Phone and TX DL Extended Credit Y/N QTY and Class Price per cost list Discount Y/N Invoice Number Comments 3

4 Sample Transaction Audit Process Improvement Past Manual Process (reconciliations and controls) Count Material Audit Inventory Process Present Automated Process (reconciliations and controls) Audit Inventory PCI Payment Card Industry Network and Security Operation Automation Controls Process Audit Inventory PCI Application Controls Process Improvement 4

5 Continuous Auditing (CA). Continuous Auditing defines the technologies and processes that allow an ongoing review and analysis of business information on a real-time basis. Continuous auditing will require audit personnel with specialized skills to monitor information electronically and to incorporate intelligent agents, computer modeling and other software tools. Continuous auditing will give end users of information more timely assurance that the information is correct, and may eventually lead to continuous reporting, where financial information is updated and published as events occur.

6 Achieving CA Human Action Metrics Step 1: Interdependent Partnership Interviews Management and Determines Business Drivers Primary Secondary Other Drivers Enables IA and Operations with Reporting Tools, Delivery Tools and DB Access. CA Provides IA and IT Business Drivers Primary Secondary Other Drivers Software? Agree on Monitoring Time Frames Agree on Exception Reporting Time Frames 6

7 Achieving CA Human Action Metrics Step 2: Data Life Cycle. 1 Data (Rows and Columns); 2 Information (Counts and Totals); 3 Knowledge (Patterns and Outliers); 4 Action (Cause and Effect); 5 Maintenance (Corrective Actions); 0%

8 Achieving CA Human Action Metrics Step 3: 80/20 n 8

9 Definition CA: Human Action Metrics. CA: Interdependent Partnership; Data Life Cycle (0, 1 Data, 2 Information, 3 Knowledge, 4 Action, 5 Maintenance); 80/20 n

10 5 Key Steps in Continuous Auditing Risk Management Continuous Auditing Continuous Monitoring Continuous Assurance Process Improvement IA Ops IA IA/Ops Ops Minimize Risk and Increase Efficiency 10

11 What CA: Human Action Metrics do for me? Faster than Six Sigma Innovative Process Improvement Assurance Employee Empowerment 11

12 Useful Reports and Added Value Vendor Portfolio Management SOD AP Outsourcing Fixed Asset Insurance Trading AR Logistics Human Resource Client Service Purchasing Cards Employee Expenses Tax 12

13 Why CA: Human Action Metrics? Increase number of audits IT Ops Assurance Fin 13

14 Current Audit Process Planning Fieldwork Audit Report Follow up Review Announcement Letter Initial Meeting Preliminary Survey Internal Control Review Transaction Testing Advice & Informal Communications Audit Summary Discussion Draft Exit Conference Formal Draft Final Report Client Response Follow up Review Follow up Report Audit Program Working Papers Client Comments 14

15 Current Audit Process vs CA Process Current Planning CA Planning Current Fieldwork CA Fieldwork Announcement Letter Risk Assessment by Activity Transaction Testing Determine Key Controls Initial Meeting Preliminary Survey Internal Control Review Audit Leads CA CA Announcement Letter Advice & Informal Communications Audit Summary Select Testing Method Identify Testing Criteria Audit Program IA meet with Key Players Working Papers Automate Audit Report 15

16 Current Audit Process vs CA Process Current Audit Report CM/CA Report Current Follow up Review CA Follow up Review Discussion Draft Exit Conference Communicate CM Results Follow up Review Receive Feedback Formal Draft Final Report Client Response Client Comments Determine Exception Types CA Report Follow up Report Track Progress Employee Empowerment Self Assessment Process Improvement by Management 16

17 Continuous Auditing Process Planning Fieldwork CM/CA Report Follow up Review Risk Assessment by Activity Determine Key Controls Communicate CM Results Receive Feedback Audit Leads CA CA Announcement Letter Select Testing Method Identify Testing Criteria Determine Exception Types Track Progress Employee Empowerment IA meet with Key Players Automate Audit Reports CA Report Process Improvement by Management 17

18 Sample CA Report AP Effective Known Exceptions Undetermined Summary Audit Test Controls Report External Reports Effective Tables Used Monitoring Known Exceptions Other Process Undetermined 18

19 GRC vs. CA Governance, Risk Management, and Compliance (GRC) is a term that reflects a way in which organizations adopt an integrated approach to these three areas. GRC includes multiple overlapping and related activities within an organization. Internal Audit Compliance ERM Incident Management Financial Reporting Operational Risk Environmental Concerns Increased Board Liability Regulatory Environments Global Business Requirements Regulators Employees Media Investors Business Partners CA NOW GRC 6 to 12 months 19

20 Software Tools IDEA ACL Reliant Audit CA APPROVA OVERSIGHT GRC BWise Protiviti Compliance 360 Cura MetricStream OpenPages MEGA AXENTIS Certus Software QUMAS Mitratech Strategic Thought Group IBM Paisley Software BI Business Objects Hyperion Computer Associates 20

21 Questions Contact Information Santos Monroy Houston IIA President Mobile (832)