IIA Springfield IL Chapter

Similar documents
Using Transactional Analysis for

AUDIT STATUS. Continuous Auditing Ideas and Priority Ranking Draft: 8/7/2012

Detecting Fraud Through Data Analytics

Leveraging Data Analytics to Expand Audit Coverage and Add Organizational Value

FRAUD SCHEMES. South Carolina HFMA Finance & Reimbursement Forum. November 13, 2012 WITH RELATED INTERNAL CONTROLS

The Best of Crimes, the Worst of Crimes: Fraud Stories That Prove the Truth Is in the Transactions

Managing Fraud Risks. Procurement & Contacting. John J. Hall, CPA (970)

IMPORTANCE OF FINANCIAL PROCESSES INCLUDING CHART OF ACCOUNTS AND PRICING THE PRODUCT. By CA Ketoki Basu

Fraud Prevention, Detection, and Internal Controls

Accenture Profit Recovery and Analytics

Defining Payroll Process

Seattle Public Schools The Office of Internal Audit

ACL ESSENTIALS. Get insight into your ERP process health, compliance & financial exposure ACCOUNTS PAYABLE

9/13/2017 CHA-CHING! PAYROLL CONTROLS THAT PAY OFF PERSONAL INTRODUCTION. Personal Introduction. Melinda Stinnett, CPA, CIA Managing Director

Cash Reconciliations and Cash Handling

Don't Get Lost in the Labyrinth of Supplier Cost Flows into Projects. Dina Rotem John Sasali

File. Audit. City Auditor

Internal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division

Managing Risk in Your P2P Process: 10 Ways that Automation Can Help Mitigate Risk

Data Management: Applying Data Analytics to a Continuous Controls Monitoring Solution

Financial Statement Close Process

POSITION DESCRIPTION Financial Administrator. February 2017

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

Kianoff & Associates Crystal Clear Reports for Sage 100

SOX106. Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours. Objectives

Segregation of Duties Employee Compensation

Accounting Specialist I Accounting Specialist II Accounting Specialist III Class Specification

Using Data Analytics as a Management Tool to Identify Organizational Risks

Internal Audit How the Internal Audit Function Facilitates Internal Controls. Office of the City Auditor City of Tallahassee

2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda

ACL ESSENTIALS. Get insight into your ERP process health, compliance & financial exposure SEGEREGATION OF DUTIES

Loch Lomond and The Trossachs National Park Authority. Key Controls Report

Garbage In - Garbage Out: Navigating through Bad Data to Perform Common Grant Accounting Tasks

Bottom-line Savings through Contract Compliance and Cost Recovery

Internal Control Evaluation

Federal Education Programs Financial Management Practices

Data Analytics: Where Do I Start?

Internal Controls Integrating COSO

Pay Grade: Effective Payroll Management

Detecting Fraud Through Vendor Audits

The Road to Continuous Assurance. Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc.

<Insert Picture Here> JD Edwards EnterpriseOne Financial Management

THE UNIVERSITY OF TEXAS AT DALLAS Office of Internal Audit 800 West Campbell Rd., ROC 32, RICHARDSON, TX (972)

Fraud Risk Management

- Excessive gambling or investment habits - Strong challenge to beat the system - Undue family pressure such as divorce - Overwhelming desire for pers

Loch Lomond and The Trossachs. National Park Authority. Review of Internal Controls 2015/16. Prepared for Loch Lomond and The Trossachs.

Internal Audit Report

Apr 6 Thu 4:00 PM Deadline for submission of approved paper invoices and payment request forms to Payment Services.

Week 3: Fraud, Procure to Pay Process Controls

Department of Transportation Maryland Aviation Administration

The IT Risk Environment and Data Analytics. Parm Lalli Director, Focal Point Data Risk, LLC

Intuit QuickBooks Enterprise Solutions 11.0 Complete List of Reports

REPORT NO MARCH 2012 UNIVERSITY OF SOUTH FLORIDA. Operational Audit

Procurement Management Internal Audit

Contract and Procurement Fraud. Fraud in Procurement without Competition

Fraud Risk Management

Internal Audit Procurement Policies and Controls

Conducting an Internal Payroll Audit M I D W E S T R E G I O N A L P A Y R O L L C O N F E R E N C E O C T O B E R 5,

INTERNAL CONTROL HANDBOOK

Exhibit MSD 84W ENGINEERING TIME AND MATERIALS CONTRACT REVIEW

Guide to Internal Controls

HARNESSING THE POWER OF DATA ANALYTICS AND CONTINUOUS MONITORING

3 rd Annual Professional Development Conference Development District Association of Appalachia John G. Hulsey, CGFM

Whether you take in a lot of money. or you collect pennies

Internal Financial Controls (IFC) - An Overview

P-Cards Done Right. Katie Beatty Community Engagement Manager

ASSET INVENTORY BEST PRACTICES:

Stephen F. Austin State University

Accounts Payable on Campus: An Update

Cash Disbursement Procedure

Internal Audit Report. Post Implementation Review PeopleSoft Project Costing TxDOT Internal Audit Division

Finance Module Best Practices Dynamics GP. Speaker Name: McDowell, VanJura, Eichner GPUG

The Government Procurement Card

The Episcopal Diocese of Kentucky

JD Edwards EnterpriseOne Financial Management Overview

The Road to Continuous Assurance. Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc.

ACTION REQUIRED. Date: September 27, TTC Audit & Risk Management Committee. Auditor General

Oracle ERP Cloud Period Close Procedures

Internal Audit Report

integrate 2 Business Process Redesign: Business Process Recommendations Benefits Administration May 31, 2013

Enter Invoice. Invoice. No Holds. Approve Invoice. Pay Invoice. Reconcile Payments

AP Automation: Struggles, Strategies and Solutions

Data Exchange Module. Vendor Invoice Import

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

Internal Fraud Monitoring & Investigation Best Practices. By Tom Holland, CFE

Energy Future Holdings (EFH)

HFTP Hospitality Financial and Technology Professionals

Continuous Monitoring: Getting Results Today!

What does an external auditor look for in SAP R/3 during SOX 404 Audits? Ram Bapu, CISSP, CISM Sandra Keigwin, CISSP

Leverage T echnology: Turn Risk into Opportunity

ORACLE ADVANCED FINANCIAL CONTROLS CLOUD SERVICE

University Internal Audit

Management Reporting System

Leading KPIs of Positive Financial Performance. Presented by: Hugh Shaw, Ventera Corporation Bill Riviere, Unanet

REPORT 2013/123. Audit of Managing for Systems, Resources and People System interfaces FINAL OVERALL RATING: PARTIALLY SATISFACTORY

FLORIDA DEPARTMENT OF TRANSPORTATION

ROSWELL PARK CANCER INSTITUTE CORPORATION INTERNAL CONTROLS OVER PROCUREMENT AND REVENUES. Report 2005-S-15 OFFICE OF THE NEW YORK STATE COMPTROLLER

Module Practical Application Checklist:

Internal Control Questionnaire

STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD

Transcription:

Adding Value with Data Analytics IIA Springfield IL Chapter October 14, 2010 0 Jan Beckmann, CPA, ACL Certified Trainer, ACDA jbeckmann@bswllc.com 314.983.1254 1050 N. Lindbergh Blvd. St. Louis, Missouri 63132 314.983.1200 1551 Wall St., Ste. 280 St. Charles, Missouri 63303 636.255.3000 888.279.2792 www.bswllc.com 2009 Brown Smith Wallace All Rights Reserv

How does looking at the small details add big picture value?

Agenda Overview Management Expectations and Perspectives Benefits of Data Analysis Data Analysis Tools Data Integrity Adding Value Provide Management Information Quantify Exceptions Improve the Bottom Line Increase Operational Efficiency Include Fraud Tests Implement Continuous Auditing Make It Work Planning Performance Evaluation

Overview Management Expectations Standard audit and SOX findings aren t enough anymore. Undocumented policies and procedures Missing sign off on reconciliations Segregation of duties conflict

Overview Management Expectations Management expects us to find everything! Cost savings opportunities Operational improvements Quantified exceptions Fraud

Overview Management Perspectives Ask big-picture questions: What risks exist that would effect the company s operations? Should we expand our definition of risk? Public relations Related parties and strategic relationships Future growth of the organization What is necessary to manage risk?

Overview Benefits of Data Analysis 100% vs. sampling Red flags and trends Comparison to an outside source Identification of control weaknesses A new perspective The definition of insanity is doing the same thing over and over again and expecting a different result.

Overview Systems Don t Stand Alone Systems and manual processes must work together One can t exist without the other Analysis is most effective with good business and process knowledge 1

Overview 1 Data Analysis Tools ACL and IDEA No limits on data type or size Fast processing Prebuilt programs Excel and Access Already have access and knowledge System query tools, Crystal Reports, SQL, and SAS

Overview Data Integrity Weak system controls lead to bad data Bad data leads to bad information Integrity tests: Corruption, completeness, uniqueness, logical l relationships, proper boundaries 1

Overview Discussion Topics What software does your company use for data analysis? What data analysis projects have you already performed? What projects would you like to do or are currently planning? 1

Adding Value Provide Management Information Quantify Exceptions Improve the Bottom Line Increase Operational Efficiency Include Fraud Tests Implement Continuous Auditing

Adding Value Provide Management Information Does management get the reports they need? Example Accounts Receivable Extend aging categories. Consolidate credit exposure for companies with more than one customer number.

Adding Value Quantify Exceptions Is 5 of 20 reviewed really 25%? Examples: All ineligible participants on health plan. All customers with extended or unapproved credit terms. All terminated employees with system access.

Adding Value Quantify Exceptions Example Results Analysis Objective Identify potential exception transactions based on: Transactions on unauthorized cards. Transactions to invalid vendors. Transactions on weekends or holidays. Transactions over the $1,000 corporate policy limit. Transactions over the limit as stated by the credit card processor. Results Unauthorized cards None noted. Invalid Vendors - Approximately 100 transactions, totaling $58,000, which were mostly travel related. Transactions on Weekends 73 transactions totaling $43,000. Many of these were made at Wal-Mart, Target, Office Supply stores, etc. Transactions on Holidays 5 transactions totaling $5,300 were on New Year s Day, Thanksgiving, and Christmas Eve. Transactions Over $1,000-85 transactions totaling $123,000 over the $1,000 corporate policy. Five of 6 procurement card users had transactions over $1,000. Transactions Over Limit None noted

Adding Value Quantify Exceptions Example Results Analysis Objective Identify potential duplicate payments - Potentially the same invoices that were paid to the same vendor with different vendor numbers. Identify potential duplicate payments - Potentially the same invoices that were paid under two different invoice numbers to the same vendor number. Results 82 records (44 duplicates) totaling $893,622 were identified based on a different vendor number with the same: Invoice Number Invoice Date Amount Paid 99 records (53 duplicates) totaling $285,319 were identified based on a the same: Vendor Number Invoice Number after removing an A at the end of the invoice number in the data Amount Paid

Adding Value Quantify Exceptions Observations Observation: Employees paid premiums for one plan but received the benefits of a different plan due to inconsistencies in the eligibility data maintained by the Company and the TPA. In 6 cases, the employee elected a lower cost plan but received the benefit of a higher cost plan. Premiums were paid correctly based on their election. Claims were $35,192 for these 6 individuals id and their families during the timeframe of our review. Observation: Significant variances were noted between the Company s tracking of eligibility and the eligibility maintained by the TPA. The impact of these variances results in exposure to claim losses, undue administration i ti fees and the potential ti that t the stop loss coverage will not apply to these individuals. In addition, the eligibility data is used to actuarially calculate premiums for the Plan. The Company s eligibility database is incomplete and inaccurate. We noted the following: 577 instances of dependents with incomplete/invalid social security numbers. 18 instances in which an employee/dependent was removed timely from the Company s eligibility system, but not updated timely in the TPA s database, including 4 deceased employees. Excess claims totaling $45,240 were paid. Spouses of deceased employees were incorrectly allowed to remain on the Plan for years. A total of $72,606 in claims was paid by the Company in 2009 for 25 surviving spouses.

Adding Value Improve the Bottom Line Cost Recovery Duplicate payments Missed discounts Unused credits Revenue Leakage Underreported inventory samples Service payroll compared to billing

Adding Value Increase Operational Efficiency Where is your auditee s time spent? Several days to perform a reconciliation. Weeks to manually review system access segregation of duties. Do they consider it impractical to perform the reviews at all?

Adding Value Include Fraud Tests Why not build in test for fraud? What are you searching for? How will you know it when you see it? Use everything you can.

Adding Value Payroll Fraud Ghost employees Duplicate addresses or routing numbers No withholdings or deductions No overtime for hourly Misdirected payments Frequent changes to routing numbers Terminated employees with current pay 1

Adding Value Accounts Payable Fraud Conflict of Interest Employee / Vendor match Matching addresses or routing numbers Same name Last name as part of vendor name 1

Adding Value Accounts Payable Fraud Vendor Red Flags PO Box or no address Unusual payment terms Same vendor with different vendor number (key on addresses and FIN) Payments prior to due date 1

Adding Value Accounts Payable Fraud Purchaser Red Flags Sole source vendor awards Split purchase orders to circumvent authorization levels Purchases by unapproved purchaser 1

Adding Value Implement Continuous Auditing Enhance the control environment. 100% transaction testing to reduce operational, compliance and financial risks. Increase efficiency and effectiveness of the internal audit department. Provide cost savings and stop revenue leakage. Facilitate fraud detection. Enhance control environment as employees become aware of the level of detail review. Increase timeliness of control failure detection and quickly mitigate the risk of ongoing control failures. Provide a quick response to operational changes when used as a risk assessment tool.

Adding Value Continuous Auditing Risk and Test Identification What would you like to monitor for ongoing risk assessment? Ratios and/or key performance indicators trended by: Time Period (daily, monthly, quarterly, etc.), locations, product, shift, employee What are your areas of highest risk? Search for patterns and identify red flags to monitor high risk areas. Known areas of weak internal controls Assets susceptible to physical theft Revenue leakage Overpayments Key performance indicators Where do you have large amounts of data? Do you have disparate systems that may increase risk? What analysis is currently time intensive?

Adding Value Continuous Auditing Planning How will follow up of the exceptions be performed? Who is responsible management or audit? How frequently will the analysis be performed? How will you obtain the data?

Make it Work Planning Performance Evaluation

Make it Work - Planning Consider data analysis during audit plan development. Review existing audit programs for replacement procedures. Understand IT requirements to obtain data. Include learning curve time in the initial budget.

Make it Work - Performance Track time spent on: Data collection Training Data analysis Set on-the-job training expectations. Define documentation and file retention requirements.

Make it Work - Evaluation Request management feedback. Determine if the project is one that should be repeated. Develop database/method for sharing knowledge gained. Consider continuous auditing or monitoring. i

Make it Work Discussion Topics Training Who should you train? What skills should the candidate possess? How many people should you train? Should you develop a super user or introduce the entire department? What level of training is needed? Should you train IT Auditors, operational auditors, or both? What if you re only training one super user? Complementary software training Are any of the following necessary or desirable as well -- Excel, Access, general ledger queries, etc.?

Make it Work Discussion Topics Data Access How do you identify what is required? How do you get the data you need? What sources should you consider? What roadblocks might arise? How will you transfer the data? Are there any confidentiality concerns? How do you get IT upper management buy-in?

Summary Data Analysis can help you to: Change the way management views the audit department. Improve the company s bottom line. Strengthen th the control environment.

Contact Information Jan Beckmann, CPA, ACDA Brown Smith Wallace, LLC 1050 North Lindbergh Blvd St Louis, MO 63132 314.983.1254 jbeckmann@bswllc.com 1

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback