Using data analytics and continuous auditing for effective risk management

Similar documents
Welcome to the 404 Institute Webcast

The Road to Continuous Assurance. Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc.

7 Key Trends in Enterprise Risk Management

Continuous Monitoring: Getting Results Today!

The Road to Continuous Assurance. Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc.

Third Party Risk Management ( TPRM ) Transformation

Continuous Auditing - A Delicate Chemistry

Using Technology and Big Data to Provide Customers with a Passenger Experience. IBTTA September 12, 2017

Data & Analytics enabled Internal Audit

EY Center for Board Matters. Leading practices for audit committees

AUDIT UPDATE OCTOBER 2018

CONTINUOUS AUDITING - UPDATE. Travis S. Moser, CISA

Building a World-Class Data Analysis Function for Internal Audit

IIROC 2015 Financial Administrators Section Conference

Positioning Internal Audit to Deliver Value

Technology Assurance: A Challenge for RAFM in an Evolving Market. Jerusa Verasamy

Internal Audit s Brave Prudent, New World Annual WNY Conference

Road to Self Governance

Intelligent automation and internal audit

Control and testing transformation

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

Internal Audit Analytics Advantages and Challenges

Taking ERM to a. 6 GRC Today / October 2015

Extended Enterprise Risk Management

KPMG s financial management practice

A Process for Data Requirements Analysis. David Loshin Knowledge Integrity, Inc. October 30, 2007

The importance of the right reporting, analytics and information delivery

Connecting the Dots: Your Role in Corporate Performance Management Part 2 Analytics Where Audit Meets Performance Stephen Wang Ernst & Young

Continuous Auditing/Monitoring Using Data Analytics Institute Of Internal Auditors/ISACA Conference, 27/28 August 2015 Presented by: Tricha Simon

Board Audit Committee Training Automation of Audit Function. Anthony Wanyoike TeamMate Consulting East, Central & West Africa

Improving your finance function effectiveness

Top 35 Reasons You Need Contact Center Performance Management

The importance of the right reporting, analytics and information delivery

Click to edit Master title style

The Right KPIs, Metrics for High-performing, Cost-saving Space Management. An Approach and Case Study

Internal Audit and Technology Sustainable Analytics

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

Internal Oversight Division. Internal Audit Strategy

Aligning Resources to Performance and Strategy: The Imperative for the "New Normal"

Improving the Patient Experience Across the Revenue Cycle

REPORT 2016/033 INTERNAL AUDIT DIVISION

2/20/2014. Agenda. Allen Still & Ryan Merryman March 31, CLAconnect.com CliftonLarsonAllen LLP Continuous Auditing Programs

The Robotics Auditors The Workforce of the Future. Giridhar LS CEO

Does a disrupted Internal Audit function mean a stronger strategic partner?

Master Data Management

PCF Analytics Workshop

INTERNAL AUDIT NEW DEVELOPMENTS & CHALLENGES BEFORE THE PROFESSION

The 5 Levels of Corporate Performance Management (CPM) Maturity: Climbing to the Top Floor

Advancing analytics and automation within internal audit

Feature. Adopting Continuous Auditing/Continuous Monitoring in Internal Audit

IT Audit Process Prof. Liang Yao Week Three IT Risk Assessment

CFO attestation: building a sustainable process

Master Data Management as a Global Business Service

Supplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance

Maximizing value from your lines of defense

ERP Is it for me? American Public Power Association Business & Financial Conference September 17, 2018

Take-aways from EY s series of Internal Audit Analytics roundtables over 2016

Thinking of changing your TMS?

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

5insights for. executives. Why wait until after RPA implementation to find out how to get it right?

Location of the job: CFO Revenue Assurance

Chapter 06. Audit Planning, Understanding the Client, Assessing Risks, and Responding. McGraw-Hill/Irwin

Harnessing data and analytics to transform compliance

Understand your business BETTER. Intuitive. Location Aware. Cool Interface. BUSINESS ANALYTICS

EXECUTIVE ERP. EVALUATION AND INVESTMENT ROADMAP Developed for the Modern Business

ROI EVALUATION REPORT IBM COGNOS SOFTWARE

Continuous Auditing / Continuous Monitoring to Manage Risk and Performance

Business Process Services: A Value-Based Approach to Process Improvement and Delivery

Using Business Analytics to Improve Hospital Performance. Sandi Piatz, MBA Sr. Manager

The Concept: Moving from Data Analysis to Data Analytics

FINRA 2090/2111 Solutions & Expertise

The KPMG Audit Powered by Data & Analytics

Large Federal Agency Leverages IV&V to Achieve Quality Delivery for Critical Modernization Initiative

Michael Lammie Director, PricewaterhouseCoopers

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Your committee: Evaluates the "tone at the top" and the company's culture, understanding their relevance to financial reporting and compliance

3 Ways to Reduce the Costs of SOX compliance

Continuous Auditing and Monitoring technology - the next generation

Optimizing Your Finance Function

Organizing for BI. Halil Aksu Istanbul, Bogazici University

Digital Testing and Controls Automation A transformative approach to automating your control environment

Strathclyde Partnership for Transport

Powered by technology, our experts are unlocking the value of your audit. Dynamic Audit

Experience of Corporation of Chennai By C.Vijayaraj Kumar I.A.S Additional Commissioner (R&F) Corporation of Chennai

RiskTech Quadrant 2017 Watchlist Monitoring Solutions

CIA EXAM CONTENT. Part 1 :The Internal Audit Activitys Role in Governance Risk and Control

Accenture Profit Recovery and Analytics

Successful healthcare analytics begin with the right data blueprint

Regulatory Reporting: Implementing the proposed MAS Notice 610. Navigating the regulatory reporting and data challenge

Certified Internal Auditor (CIA ) Exam Syllabus

Big risks require big data thinking: EY Forensic Data Analytics (FDA), powered by IBM

RSA Archer Compliance Management 5.2 Webcast

Turban and Volonino. Business Intelligence and Decision Support Systems

Internal Audit Solutions:

Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

An Overview of the 2013 COSO Framework. August 2013

How to Measure the Value of Your Internal Audit Group

The bots are coming: Intelligent automation and the modern corporate treasury department

Transcription:

Using data analytics and continuous auditing for effective risk management November 2013 Irakis Kanavaris

Agenda Current trends Common terminology of Data Analytics and CA/CM KPMG approach & observations How KPMG can help 1

Current trends Technology, data analytics and continuous auditing Convergence of Business Intelligence; IT-Governance, Risk & Compliance; and CA/CM tools and techniques. Increased interest in CA/CM techniques by financial services, healthcare/life sciences, and public sector due to expanding regulations. Enhancing risk assessment activities with quantitative information. Internal audit focus on building repeatable and sustainable analysis for meaningful reporting; not long lists of anomalies (using data analytics ETL) Trend toward leveraging BI tools: As part of monitoring of KPIs/KRIs; For continuous risk assessment for audit planning purposes; For profiling of populations to focus transaction analysis and testing. 2

Common terminology Definitions and characteristics of CA/CM & DA Activity Definition Characteristics Continuous Auditing (CA) Collection of audit evidence and indicators by an auditor on information technology (IT) systems, processes, transactions, and controls on a frequent or continuous basis, throughout a given period. Third Line of Defense (i.e. assurance providers) Wide variety of organizational Data Not intended to become part of the internal control environment Process can also be used for Continuous Risk Assessment for dynamic audit planning purposes Continuous Monitoring (CM) Data Analytics Feedback mechanism (monitoring method) used by management to ensure that controls operate as designed and transactions process as prescribed. A process by which insights are extracted from operational, financial and other forms of electronic data internal or external to the organization. First and second lines of defense (i.e. business owners and standard setters respectively) Dynamic reporting with actionable output Responsibility of management Important component of the internal control structure Can provide automated controls and processes These insights can be: historical, real-time or predictive and can also be risk-focused (e.g., controls effectiveness, fraud, waste, abuse, policy/regulatory non- compliance) or performance- focused (e.g., increased sales, decreased costs, improved profitability, etc.) and frequently provide the how? and why? answers to the initial what? questions often found in the information initially extracted from the data. Definitions taken from KPMG LLP s Continuous Auditing and Continuous Monitoring: Transforming Internal Audit and Management Monitoring to Create Value, 2008 3

Control effectiveness Control effectiveness Common terminology A change from the Conventional audit approach The potential benefits of a continuous audit can be illustrated by comparing it to conventional audit methods: Impact on controls : Conventional Audit 90 80 70 60 50 40 30 20 10 - AUDIT AUDIT 1 2 3 4 5 6 7 8 9 10 11 12 Expectation Actual Trend Cyclical-based auditions, manual identification of control objectives Control effectiveness can improve after audit visits (when recommendations for improvements are performed) Sampling small percentage of population to measure control effectiveness and operational performance Time consuming data gathering may occur Impact on controls : Continuous Audit 90 80 70 60 50 40 30 20 10 - AUDIT 1 2 3 4 5 6 7 8 9 10 11 12 Expectation Actual Trend Testing is frequent and focused-controls and transactions are audited as they happen Control failures are detected immediately-effectiveness of controls is maintained and monitored Improved alignment with the businesses Conventional audits can be planned using improved data quality With data analytics, organizations have the ability to review every transaction-not just a sampling-which enables a more efficient analysis on a greater scale 4

KPMG approach Implementation Model Understanding the organization s risk profile is fundamental to implement CA/CM. By assessing the risks, we are able to prioritize and direct resources to those areas that are most important to the business. CA/CM is not only about technology. We also consider the role of people (e.g., CA/CM resources, skills and knowledge, executive support for CA/CM, etc.), and existing processes (e.g., CA/CM strategies, training processes, reporting processes, etc.). KPMG s CA/CM Implementation Model Supporting a CA/CM implementation is our industry and functional knowledge. We leverage our understanding of industry specific risks and control weaknesses, as well as our understanding of the systems and processes of the organization to achieve an effective and efficient implementation. 5

KPMG approach Continuous auditing/monitoring maturity evolution Ad hoc Integrated Analytics Repeatable & Sustainable Analytics Repetitive Analytics Continuous Auditing Continuous Monitoring Continuous Auditing of Continuous Monitoring Common applications of data analytics in an internal audit environment Less mature state More mature state Audit moves toward "repeatable and sustainable" or expanded scopes Audit leverages management's systems and tools to analyze data and to perform continuous risk assessment for dynamic audit planning purposes Internal Audit department serves as the pilot for continuous monitoring systems on behalf of management Tactical or burning platform issues drive also a CM initiative. Implementation of CM by management, frequently with the assistance of Internal Audit 6

KPMG approach Dimensions of continuous auditing and continuous monitoring 7

Manage Financial Resources Procurement Major Process Risk Rating Process Priority Rating Transportation Failure Product Failure Product feature mismatch with regulations Bribery and Corruption Failure to achieve gross margin Inefficient product capacity Poor system maintenance Lost or inaccurate order entered into system Loss of Major Vendor Due to Financial Unethical Sourcing Poor of cost control KPMG approach Risk Assessment to verification of Risk Management 1. Continuous Risk Assessment 2. Dynamic Audit Planning Risks Sub Process Procurement Planning Vendor Selection Purchasing Receiving Vendor Performance Management Quality Assurance Perform planning and budgeting Perform revenue accounting Perform management reporting Manage fixed assets PLAN 4. Verification of Risk Management 3. Audit Execution CHECK DO 8

KPMG observations Implementation challenges General Establishing consensus on objectives and success criteria Measuring and demonstrating success Limited resources (technology and human know-how) Data Analytics Definition of exception; addressing false positives and false negatives Workflow around exception resolution; managing volumes of exceptions Data Availability and Quality Lack of access to data Variety of disparate information systems with different data formats Incomplete data sets, inconsistent data quality Change Management Managing impact of CA/DA processes on auditors and other business processes 9

How KPMG can help Implementation assistance Data analysis Strategic plan development Key stakeholder identification Success criteria and measurements definition Tool evaluation and selection Fraud risk management Dashboards Reports and alerts 1 3 5 7 2 Business case development 4 Risk assessments & data analytics 6 Implementation plans Project management oversight 8 Co-sourcing Out-sourced services Change management 10

How KPMG can help Implementation assistance Develop a Strategic Plan Define the objectives you are trying to achieve Leverage CA to Enhance the Audit Planning Risk Assessment Process Increase Efficiency and Effectiveness in the Audit Process (e.g. use CA to focus on traditional areas of risk (e.g., Journal Entries; Order-to-Cash; P2P; Payroll; etc.) Identify key stakeholders and define the success criteria and related measurements Consider stakeholder needs for business performance and risks Agree on measures to define continuous auditing success (e.g. Quantitative factors like hours, number of audits and qualitative factors like enhanced governance and auditee satisfaction) Build an effective business case Identify risks not adequately covered Align with business objectives for initial wins and momentum Potential of continuous auditing and monitoring for the business 11

How KPMG can help Implementation assistance Develop Tactical Plans Design governance and reporting structure for continuous auditing activities Define owners and responsibilities for internal audit, IT and business Establish communication plans and schedules Determine Audit Committee reporting, as appropriate Evaluate data analytic skills and competencies Compare existing skills with necessary skills Evaluate short-term and long-term required skills Integrate data analysis into IA methodology and processes Consider opportunities to replace traditional procedures Assess the impact of changes on audit delivery and personnel Evaluate and select technology tools Identify and evaluate tools that will meet department requirements Assist with understanding pricing and licensing scenarios 12

How KPMG can help Implementation assistance Design and Execute Implementation Plans Manage organizational change (internal to Internal Audit and business-facing change Design and deliver trainings Indentify focus areas for implementation of CA to satisfy strategic objectives Design and establish data connection/ extract, analysis, and reporting mechanisms including risk and performance-based analytics, dashboards, scorecards, reports and alerts, etc. Evaluation of Existing Continuous Auditing Processes 13

How KPMG can help Technology tools KPMG s technology tools and services - F2V - K-Proctor - K-Dat - K-SoD Commercial Products 14

Closing remarks

Using DA & CA/CM for effective risk management KPMG s CA/CM implementation model A holistic approach 16

Thank you Iraklis Kanavaris, Supervising Senior Advisor Risk Advisory Services, IT Advisory Tel. +30 210 60 62 218 ikanavaris@kpmg.gr

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback