While the majority of executives and internal audit leaders agree that data analytics is important, according to the 2016 IIA CBOK study, only 40% of respondents are using technology in audit methodology. Why the disconnect?
In this webinar, we identify some of the common challenges associated with starting and continuing to use data analytics in your audit process. Easy-to-implement methods that help expand the use of data analytics and improve your audit coverage are also presented.
3. AGENDA
1. Who is NASDAQ?
2. What are the barriers to using Data Analytics?
3. How do you increase and expand use of Data Analytics?
4. Business and technology applications
5. What skills are required?
6. Gaining internal management support
7. Measure staff utilization and effectiveness
8. Takeaways & benefits to your organization
4. WHO IS NASDAQ?
More than a stock exchange…
• Multiple exchanges and clearing houses - NY, Philadelphia, Boston,
Nordics, Baltics, Canada, Europe
• Listing venue for publicly traded companies to raise capital (IPO)
• Multiple asset classes (equities, options, commodities)
Corporate Solutions
• Investor relations, public relations, multimedia solutions, governance
Market Technology
• Trading and data solutions to exchanges, alternative-trading venues,
banks and securities brokers
• Internal audit team - 20 worldwide - NY, Maryland, Philadelphia,
Stockholm, Vilnius
5. BARRIERS TO USING ANALYTICS
• We know Analytics are important
• While the majority of internal audit leaders and C-suite
executives agree data analytics is important to
strengthening audit coverage, only a small percentage of
organizations are actively using Data Analytics regularly
• What are the barriers to starting, sustaining and expanding
the use of Data Analytics?
6. BARRIERS TO USING ANALYTICS
• Frustration: Natural reaction during implementation
• Occurs for the following reasons:
• Lack of technology skills
• No experience
• Not knowing how to incorporate a Data Analytics tool into the audit
• Source data - How to load it into the tool?
• Assessing progress
7. INCREASING USE OF DATA ANALYTICS
• Eliminate frustration
• These are familiar concepts
• Small success using analytics builds
confidence and shows value
• Data Analytics is not a magic wand
“If you do not know where you are
going, any road will get you there.”
-- Lewis Carroll
8. BUSINESS, TECHNOLOGY APPLICATIONS
• Data Analytics can help to achieve audit goals:
• What audit objectives we want to achieve
• What questions about our data do we want answered
• Validation of assumptions about whether systems are
programmed correctly
• Investment that pays off, requires perseverance
• Expanded coverage
• Better understanding of the data
• Integrity of the data preserved
• Will uncover concerns in other areas
9. DATA ANALYTICS HELP
• Data Analytics helps with the following audit objectives:
• Validate data accuracy
• Display data in different ways – Prepare data for analysis
• Identification of strange items, exception testing
• Completeness (gaps, matching)
• Validity of formulas and calculations
• Edit checks
• Compliance testing
• Relationships (fuzzy logic)
10. THE CHALLENGE
• Think outside the box
• Examples of traditional and
non-traditional ways data
analytics tools can be used
11. BUSINESS APPLICATIONS
• Technology
• Utilize tools that are both business application and technology
focused
• Log files
• Access Reviews
• Alerts
12. EMAIL LOGS
• Common tests
• Summarize emails by service provider
• Summarize and sort numbers of emails by employee
• Isolate, summarize and examine personal emails
• Stratify emails by time and examine any unusual activity (e.g.,
lunchtime, weekends, bank holidays)
• Analyze incoming emails and identify common domain addresses
13. EMAIL LOGS
• Common tests
• Calculate and sort length of time employees spent on email in a
given time period
• Match emails with a list of employees and extract any emails that
were sent by non-employees
• Analyze any dormant accounts
• Identify non-work related emails by searching for specific words
14. ACCESS RIGHTS
• Identify accounts with:
• Passwords not set or not required for access
• Passwords shorter than the recommended number of characters
• Access to key directories
• Supervisor status
• Equivalence to users with high level access
• That have not been used in the last 6 months
• Group memberships
• Age password changes
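The access-rights tests on this slide, run over an account export. This is an added example, not material from the webinar or from CaseWare IDEA; the CSV column names, the thresholds and the sample accounts are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample export; column names are assumptions, not a product schema.
ACCOUNTS_CSV = """user,password_required,min_password_len,supervisor,last_login,password_changed
alice,yes,12,no,2016-10-03,2016-09-01
bob,no,0,no,2016-09-28,2015-01-15
carol,yes,6,yes,2016-02-11,2014-06-30
svc_backup,yes,12,yes,2015-11-20,2015-11-20
dave,yes,12,no,2016-10-10,2016-08-20
"""

AS_OF = date(2016, 11, 1)   # review date (assumed)
MIN_LEN = 8                 # recommended password length (assumed policy)
DORMANT_DAYS = 183          # "not used in the last 6 months"
MAX_PW_AGE_DAYS = 365       # password-age threshold (assumed policy)

def review_accounts(text, as_of=AS_OF):
    """Return {user: [flags]} for every account that fails at least one test."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        flags = []
        if row["password_required"] != "yes":
            flags.append("no_password")
        elif int(row["min_password_len"]) < MIN_LEN:
            flags.append("short_password")
        if row["supervisor"] == "yes":
            flags.append("supervisor")
        if (as_of - date.fromisoformat(row["last_login"])).days > DORMANT_DAYS:
            flags.append("dormant")
        age = (as_of - date.fromisoformat(row["password_changed"])).days
        if age > MAX_PW_AGE_DAYS:
            flags.append("stale_password")
        if flags:
            findings[row["user"]] = flags
    return findings

def dormant_privileged(findings):
    """Accounts that combine supervisor status with no recent use."""
    return sorted(u for u, f in findings.items()
                  if {"supervisor", "dormant"} <= set(f))

if __name__ == "__main__":
    results = review_accounts(ACCOUNTS_CSV)
    for user, flags in results.items():
        print(user, ", ".join(flags))
    print("follow up first:", dormant_privileged(results))
```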
15. SYSTEMS LOGS
• Identify accounts with:
• Access outside office hours (Holiday/Sick Leave)
• Users, particularly those with supervisory rights
• Perform data analysis by user
• Summarize by network address to identify:
• All users with their normal PCs or all PCs with their normal users
• Users on unusual PCs
• Summarize charges by user for resource utilization
• Analyze utilization by period to show historical trends, i.e.,
daily, weekly, monthly
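The system-log tests on this slide (access outside office hours or during leave, and users on unusual PCs found by summarizing by network address), as an added example that is not part of the webinar. The log layout, the office-hours window, the leave calendar and all records are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample logon records: (timestamp, user, workstation address).
LOGONS = [
    ("2016-10-03 09:02", "alice", "10.0.1.11"),
    ("2016-10-04 08:55", "alice", "10.0.1.11"),
    ("2016-10-05 09:10", "alice", "10.0.1.11"),
    ("2016-10-08 23:40", "alice", "10.0.7.90"),   # Saturday night, different PC
    ("2016-10-03 08:30", "bob", "10.0.1.12"),
    ("2016-10-04 08:31", "bob", "10.0.1.12"),
    ("2016-10-05 19:45", "bob", "10.0.1.12"),     # weekday, after hours
    ("2016-10-06 08:29", "bob", "10.0.1.11"),     # on leave, alice's usual PC
]
LEAVE = {("bob", "2016-10-06")}   # constructed holiday/sick-leave calendar
OFFICE_HOURS = range(8, 18)       # 08:00-17:59, Monday-Friday (assumed policy)

def parse(rec):
    ts, user, addr = rec
    return datetime.strptime(ts, "%Y-%m-%d %H:%M"), user, addr

def normal_pc(records):
    """Summarize by network address: each user's most frequent workstation."""
    per_user = defaultdict(Counter)
    for _, user, addr in map(parse, records):
        per_user[user][addr] += 1
    return {u: c.most_common(1)[0][0] for u, c in per_user.items()}

def flag_logons(records):
    """Return (user, timestamp, reasons) for every logon worth a follow-up."""
    usual = normal_pc(records)
    flagged = []
    for ts, user, addr in map(parse, records):
        reasons = []
        if ts.weekday() >= 5 or ts.hour not in OFFICE_HOURS:
            reasons.append("off_hours")
        if (user, ts.date().isoformat()) in LEAVE:
            reasons.append("on_leave")
        if addr != usual[user]:
            reasons.append("unusual_pc")
        if reasons:
            flagged.append((user, ts.strftime("%Y-%m-%d %H:%M"), reasons))
    return flagged

if __name__ == "__main__":
    for hit in flag_logons(LOGONS):
        print(hit)
```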
16. FILE ACCESS & MANAGEMENT
• Monitor file activity and user behavior
• Prevent data breaches and assist with permissions management
• Monitor every file touch
• Know when sensitive files and emails are opened, moved,
modified or deleted
17. REGULATORY
• Rule Book Validation
• Independent validation of software algorithms utilized to ensure
compliance with rules
• For example:
• To list on a national stock exchange and to remain listed, companies
must meet comprehensive qualitative and quantitative standards
for both the company and the securities offered.
18. ETHICS – FCPA COMPLIANCE
• FCPA Act - Enacted in 1977
• Impact of billion dollar fines
• FCPA compliance is focused fraud analytics geared to
anti-bribery and anti-corruption involving government officials
• You cannot identify corruption directly, but you can
identify red flags for follow-up
19. COST OF FCPA NON-COMPLIANCE
Top ten FCPA enforcement actions (Average fine: $65 million)
1. Siemens (Germany): $1.6 billion in 2008
2. Alstom (France): $772 million in 2014
3. KBR / Halliburton (USA): $579 million in 2009
4. BAE (UK): $400 million in 2010
5. Total SA (France): $398 million in 2013
6. VimpelCom (Holland): $397.6 million in 2016
7. Alcoa (USA): $384 million in 2014
8. Snamprogetti Netherlands B.V./ENI S.p.A (Holland/Italy): $365
million in 2010
9. Technip SA (France): $338 million in 2010
10. JGC Corporation (Japan): $218.8 million in 2011
(Sources: FCPA Blog and SEC Websites)
20. FCPA COMPLIANCE
How we use Data Analytics to ensure FCPA Compliance:
• Identifying spending trends of vendors, contractors, employees
• Prohibited list screening
• Risk Scoring to identify high risk vendors, contractors
• Supplemental traditional AP analytics
21. OTHER KEYS TO SUCCESS
• Repeatable – “Productionalize”
• Only need to refresh data
• Visualization
• Easily interpret and summarize data in a user-friendly way
• Drill down into the underlying data
• Picture worth a thousand words
• Just like auditing, data analytics is an iterative process: one
set of results provides additional questions and the next
step in your analysis
22. SKILLS SETS
• Critical thinking
• Understanding the business
• Familiarity with automated solutions
• Data extract query tools are already built in to ERP and other
systems today.
• SAP, PeopleSoft, Hyperion
• Creative problem solvers, what do I want to know about
the data?
23. SKILLS SETS
• Not afraid of data and technology
• Relational Database concepts versus Excel
• Willing to adapt and grow their skill sets - Necessity for
their careers
• Investment of time to learn
• Trial and error
• Perseverance
24. GAINING MANAGEMENT SUPPORT
• A necessity made easier…
• To search manually for irregularities is almost impossible
• Information is more complex
• Automated tools are easier to use than before
• To rely only on professional judgement can be subjective or based
on poor information
25. SUPPLEMENTS TRADITIONAL AUDIT
• Data Analytics is a supplement to traditional audit
techniques
• Expanded coverage
• Better understanding of the data
• Uncover concerns in other areas beyond the current area of focus
• Data Analytics can grow into a continuous monitoring or
continuous auditing program
• Red flags resulting from data analytics can be used to develop a
targeted scope for a traditional audit, drilling down to root causes
and control gaps
26. STANDARDS HAVE CHANGED
[Figure: CaseWare Analytics graphic. Labels: Critical Thinking; Planning; Data Integrity; Data Discovery; Data Sampling; Visualization; Data Insights; Trend Analysis; Benford’s Law Analysis; Advanced Fuzzy Duplicate; Identify trends & outliers; Focus the Audit; Profile your Data]
• Today Data Analytics is a
requirement rather than a
recommendation
• Highlighted in the IIA
standards under “Proficiency”
where auditors need to have
sufficient knowledge of
“technology-based audit
techniques” to do their work
27. STAFF UTILIZATION & EFFECTIVENESS
• Build in to the methodology:
• Require the auditor to address before fieldwork begins
how analytics will be used.
• It can be as simple as profiling data to determine
sampling approach
• Sample selection itself
• Tie analytics to compensation and incentives
28. TAKEAWAYS & BENEFITS
• Think outside the box
• A necessity – Standards now include data analytics
• Make it about the audit objectives, not the tool
• Expanded coverage
• Better understanding of the data
• Better defense with regulators… mitigates actions of rogue
employees
• Lets people know we are watching
• Job-specific training (i.e., anti-corruption activities)
• Provide employee incentives to learn and use analytics
30. SUREFIRE WAYS TO SUCCEED WITH
DATA ANALYTICS
WEBINAR