Soumettre la recherche
Mettre en ligne
Continuous Auditing D.French
•
1 j'aime
•
682 vues
Dan French
Suivre
IACON 2010 Presentation on Continuous Audit and Continuous Controls Monitoring
Lire moins
Lire la suite
Signaler
Partager
Signaler
Partager
1 sur 43
Télécharger maintenant
Télécharger pour lire hors ligne
Recommandé
IAS 27 Consolidated And Separate Financial Statements
IAS 27 Consolidated And Separate Financial Statements
Lynnix (UK) Limited
Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)
MUHAMMAD HUZAIFA CHAUDHARY
IFRS 7 Financial Disclosures Overview
IFRS 7 Financial Disclosures Overview
Sohan Al Akbar
ISA 315 (Revised) - Exposure Draft Webinar
ISA 315 (Revised) - Exposure Draft Webinar
International Federation of Accountants
11. materiality and audit risk
11. materiality and audit risk
Syed Osama Rizvi
Contingencies and provisioning[1]
Contingencies and provisioning[1]
Hyderabad Chapter of ICWAI
Auditing Chapter 1
Auditing Chapter 1
aaykhan
Sa 570 revised
Sa 570 revised
Hiten Nagda
Recommandé
IAS 27 Consolidated And Separate Financial Statements
IAS 27 Consolidated And Separate Financial Statements
Lynnix (UK) Limited
Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)
MUHAMMAD HUZAIFA CHAUDHARY
IFRS 7 Financial Disclosures Overview
IFRS 7 Financial Disclosures Overview
Sohan Al Akbar
ISA 315 (Revised) - Exposure Draft Webinar
ISA 315 (Revised) - Exposure Draft Webinar
International Federation of Accountants
11. materiality and audit risk
11. materiality and audit risk
Syed Osama Rizvi
Contingencies and provisioning[1]
Contingencies and provisioning[1]
Hyderabad Chapter of ICWAI
Auditing Chapter 1
Auditing Chapter 1
aaykhan
Sa 570 revised
Sa 570 revised
Hiten Nagda
Materiality in Planning and Performing an Audit
Materiality in Planning and Performing an Audit
Dr. Soheli Ghose Banerjee
Migration analysis way_forward_slides
Migration analysis way_forward_slides
Libby Bierman
Fraud Risk and Control
Fraud Risk and Control
WeaverCPAs
Auditing the expenditure cycle
Auditing the expenditure cycle
Angela Torres
IFRS IN PRACTICE IFRS 16 Leases
IFRS IN PRACTICE IFRS 16 Leases
Sazzad Hossain, ITP, MBA, CSCA™
Auditing And Assurance Standards
Auditing And Assurance Standards
Augustin Bangalore
Audit risk model
Audit risk model
Darryl Woolley
Assurance Engagement
Assurance Engagement
Muhammad Ehtisham Jadoon
Chap 7 cash and cash equivalents
Chap 7 cash and cash equivalents
Hazel Sarmiento
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
KugendranMani
Finance information system
Finance information system
Suby A John
Understanding Financial Statement fraud- Forensic Accounting Perspective
Understanding Financial Statement fraud- Forensic Accounting Perspective
Godwin Emmanuel Oyedokun MBA MSc ACA ACIB FCTI FCFIP CFE
Lecture 9, Chapter 13, Audit Sampling
Lecture 9, Chapter 13, Audit Sampling
Sazzad Hossain, ITP, MBA, CSCA™
SA 240
SA 240
ShivaniLahoti1
Chapter 12: Current Liabilities
Chapter 12: Current Liabilities
Tara Kissel, M.Ed
Pp 05-new
Pp 05-new
Sri Apriyanti Husain
Frequently Asked Questions on Anti-Money Laundering
Frequently Asked Questions on Anti-Money Laundering
Ziaullah Mirza
Legal Aspects of Collections
Legal Aspects of Collections
Credit Management Association
Basics of income tax assessments and appeals
Basics of income tax assessments and appeals
Ameet Patel
Ch 8 depreciation
Ch 8 depreciation
Amaie Idarus
Enterprise software delivery
Enterprise software delivery
IBM Rational software
IBM Cognos - Hälsokontroll på ekonomiavdelningen med mål att bli värdeskapare
IBM Cognos - Hälsokontroll på ekonomiavdelningen med mål att bli värdeskapare
IBM Sverige
Contenu connexe
Tendances
Materiality in Planning and Performing an Audit
Materiality in Planning and Performing an Audit
Dr. Soheli Ghose Banerjee
Migration analysis way_forward_slides
Migration analysis way_forward_slides
Libby Bierman
Fraud Risk and Control
Fraud Risk and Control
WeaverCPAs
Auditing the expenditure cycle
Auditing the expenditure cycle
Angela Torres
IFRS IN PRACTICE IFRS 16 Leases
IFRS IN PRACTICE IFRS 16 Leases
Sazzad Hossain, ITP, MBA, CSCA™
Auditing And Assurance Standards
Auditing And Assurance Standards
Augustin Bangalore
Audit risk model
Audit risk model
Darryl Woolley
Assurance Engagement
Assurance Engagement
Muhammad Ehtisham Jadoon
Chap 7 cash and cash equivalents
Chap 7 cash and cash equivalents
Hazel Sarmiento
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
KugendranMani
Finance information system
Finance information system
Suby A John
Understanding Financial Statement fraud- Forensic Accounting Perspective
Understanding Financial Statement fraud- Forensic Accounting Perspective
Godwin Emmanuel Oyedokun MBA MSc ACA ACIB FCTI FCFIP CFE
Lecture 9, Chapter 13, Audit Sampling
Lecture 9, Chapter 13, Audit Sampling
Sazzad Hossain, ITP, MBA, CSCA™
SA 240
SA 240
ShivaniLahoti1
Chapter 12: Current Liabilities
Chapter 12: Current Liabilities
Tara Kissel, M.Ed
Pp 05-new
Pp 05-new
Sri Apriyanti Husain
Frequently Asked Questions on Anti-Money Laundering
Frequently Asked Questions on Anti-Money Laundering
Ziaullah Mirza
Legal Aspects of Collections
Legal Aspects of Collections
Credit Management Association
Basics of income tax assessments and appeals
Basics of income tax assessments and appeals
Ameet Patel
Ch 8 depreciation
Ch 8 depreciation
Amaie Idarus
Tendances
(20)
Materiality in Planning and Performing an Audit
Materiality in Planning and Performing an Audit
Migration analysis way_forward_slides
Migration analysis way_forward_slides
Fraud Risk and Control
Fraud Risk and Control
Auditing the expenditure cycle
Auditing the expenditure cycle
IFRS IN PRACTICE IFRS 16 Leases
IFRS IN PRACTICE IFRS 16 Leases
Auditing And Assurance Standards
Auditing And Assurance Standards
Audit risk model
Audit risk model
Assurance Engagement
Assurance Engagement
Chap 7 cash and cash equivalents
Chap 7 cash and cash equivalents
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
Finance information system
Finance information system
Understanding Financial Statement fraud- Forensic Accounting Perspective
Understanding Financial Statement fraud- Forensic Accounting Perspective
Lecture 9, Chapter 13, Audit Sampling
Lecture 9, Chapter 13, Audit Sampling
SA 240
SA 240
Chapter 12: Current Liabilities
Chapter 12: Current Liabilities
Pp 05-new
Pp 05-new
Frequently Asked Questions on Anti-Money Laundering
Frequently Asked Questions on Anti-Money Laundering
Legal Aspects of Collections
Legal Aspects of Collections
Basics of income tax assessments and appeals
Basics of income tax assessments and appeals
Ch 8 depreciation
Ch 8 depreciation
Similaire à Continuous Auditing D.French
Enterprise software delivery
Enterprise software delivery
IBM Rational software
IBM Cognos - Hälsokontroll på ekonomiavdelningen med mål att bli värdeskapare
IBM Cognos - Hälsokontroll på ekonomiavdelningen med mål att bli värdeskapare
IBM Sverige
JohnGoodman_CustomerManagementForum_Moscow_CMF2012
JohnGoodman_CustomerManagementForum_Moscow_CMF2012
Evgeny Vasyuk
Mcs report
Mcs report
itsme_akku
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
Capgemini
Building control efficiency: Rationalization, optimization and redesign
Building control efficiency: Rationalization, optimization and redesign
Vladimir Matviychuk
AIA SOX Conference May 2009 - CCM & Data Analytics
AIA SOX Conference May 2009 - CCM & Data Analytics
prosenzw69
Planning For Success Quality Management
Planning For Success Quality Management
Jolene_Eichorn
Paras LIS
Paras LIS
Anshuman Kumar
Measuring the Results of your Agile Adoption
Measuring the Results of your Agile Adoption
Software Guru
ProcessGene GRC Software Suite
ProcessGene GRC Software Suite
ProcessGene Ltd
Financial Planning Best Practices and IBM Cognos TM1 Demonstration
Financial Planning Best Practices and IBM Cognos TM1 Demonstration
Senturus
From 'Zero Defect Software' to 'First Time Right with Business'
From 'Zero Defect Software' to 'First Time Right with Business'
Cognizant
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09
Gaiani (CarnCorpAudit)
Unlocking the Value in Warranty Management
Unlocking the Value in Warranty Management
Cognizant
Audit software highlights
Audit software highlights
sonisjs
Managed Services Balanced Scorecard Presentation By Sourcing Gurus
Managed Services Balanced Scorecard Presentation By Sourcing Gurus
Systems Plus Solutions
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Joe Oringel
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
Emma Kelly
Fice Of Internal Audit
Fice Of Internal Audit
Christina Berger
Similaire à Continuous Auditing D.French
(20)
Enterprise software delivery
Enterprise software delivery
IBM Cognos - Hälsokontroll på ekonomiavdelningen med mål att bli värdeskapare
IBM Cognos - Hälsokontroll på ekonomiavdelningen med mål att bli värdeskapare
JohnGoodman_CustomerManagementForum_Moscow_CMF2012
JohnGoodman_CustomerManagementForum_Moscow_CMF2012
Mcs report
Mcs report
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
Building control efficiency: Rationalization, optimization and redesign
Building control efficiency: Rationalization, optimization and redesign
AIA SOX Conference May 2009 - CCM & Data Analytics
AIA SOX Conference May 2009 - CCM & Data Analytics
Planning For Success Quality Management
Planning For Success Quality Management
Paras LIS
Paras LIS
Measuring the Results of your Agile Adoption
Measuring the Results of your Agile Adoption
ProcessGene GRC Software Suite
ProcessGene GRC Software Suite
Financial Planning Best Practices and IBM Cognos TM1 Demonstration
Financial Planning Best Practices and IBM Cognos TM1 Demonstration
From 'Zero Defect Software' to 'First Time Right with Business'
From 'Zero Defect Software' to 'First Time Right with Business'
Continous auditing and risk monitoring 9 23-09
Continous auditing and risk monitoring 9 23-09
Unlocking the Value in Warranty Management
Unlocking the Value in Warranty Management
Audit software highlights
Audit software highlights
Managed Services Balanced Scorecard Presentation By Sourcing Gurus
Managed Services Balanced Scorecard Presentation By Sourcing Gurus
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
Fice Of Internal Audit
Fice Of Internal Audit
Plus de Dan French
Practicalities in Delivering World Class Finance
Practicalities in Delivering World Class Finance
Dan French
Leading Indicators: What's so KEY about your KPIs
Leading Indicators: What's so KEY about your KPIs
Dan French
Risk, Control & Compliance with INFOR Approva
Risk, Control & Compliance with INFOR Approva
Dan French
Confidence in Financial Control with ACL
Confidence in Financial Control with ACL
Dan French
Exception analytics - Balancing Risk & Control
Exception analytics - Balancing Risk & Control
Dan French
Inforum 2013: Get Tighter Controls with Efficiency
Inforum 2013: Get Tighter Controls with Efficiency
Dan French
Pwc event 121210_webcast_risk_performance_e
Pwc event 121210_webcast_risk_performance_e
Dan French
Isaca Sustainable Compliance And Operating Efficiency Dan French
Isaca Sustainable Compliance And Operating Efficiency Dan French
Dan French
Plus de Dan French
(8)
Practicalities in Delivering World Class Finance
Practicalities in Delivering World Class Finance
Leading Indicators: What's so KEY about your KPIs
Leading Indicators: What's so KEY about your KPIs
Risk, Control & Compliance with INFOR Approva
Risk, Control & Compliance with INFOR Approva
Confidence in Financial Control with ACL
Confidence in Financial Control with ACL
Exception analytics - Balancing Risk & Control
Exception analytics - Balancing Risk & Control
Inforum 2013: Get Tighter Controls with Efficiency
Inforum 2013: Get Tighter Controls with Efficiency
Pwc event 121210_webcast_risk_performance_e
Pwc event 121210_webcast_risk_performance_e
Isaca Sustainable Compliance And Operating Efficiency Dan French
Isaca Sustainable Compliance And Operating Efficiency Dan French
Continuous Auditing D.French
1.
IACON 2010
Taking the Internal Audit Profession Forward Continuous Auditing: Technology Enabled Continuous Assurance Dan French - Consider Solutions Consider Solutions are the European distribution operation for Approva © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 1
2.
www.iloveagoodaudit.com
/ © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 2
3.
Learning Points • The
value in developing a continuous auditing framework • Why is continuous auditing important for auditors? • How does technology aid continuous auditing? • Monitoring for management use or internal audit? • Interpreting and reacting on your results © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 3
4.
Structure • Continuous Auditing
& Continuous Controls Monitoring • The Controls Challenge for Management and Audit • Continuous Auditing in Practice • Challenges and Best Practices • Questions and feedback © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 4
5.
Continuous Auditing (CA)
& Continuous Controls Monitoring (CCM) • ‘Continuous auditing is the application of automated tools to provide assurance on financial and non-financial data within a company’ • ‘Continuous auditing uses a set of tools to check whether internal controls are functioning to prevent errors and fraud’ • ‘A generally accepted definition of "continuous auditing“ remains elusive, and expert practitioners remain rare’ • ‘32% of 305 organizations have told the Institute of Internal Auditors in the past year that they perform continuous auditing’ • In a 2006 PWC survey, 81% of 392 companies said they at least aspired to continuous auditing • ‘Continuous Controls Monitoring seeks to assure the effectiveness of internal controls, reduce fraud and meet regulatory requirements. © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 5
6.
Continuous Auditing (CA)
& Continuous Controls Monitoring (CCM) – What is the difference? • There is much debate on the semantics ! • No, not all risks can be effectively monitored using automation • Monitoring data and transactions does not necessarily prove that the control is working » But it helps! • Emerging Continuous Monitoring definitions » Application configuration (CCM-AC) – ‘Do our systems allow anyone to . . .?’ » User access (CCM-SOD) – ‘Can anyone . . . . ?‘ » Master data (CCM-MD) – ‘Is the critical static data correct and controlled? ‘ » Transactions (CCM-T) – ‘Did anyone . . . ? What was the impact?‘ • Consistent, Continuous, Complete © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 6
7.
Audit & Internal
Controls courtesy BMW AG © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
8.
An Audit Committee
Perspective • The pace of business change continues to increase • The demands for more rapid and robust reporting will increase • Technology risk will continue to increase • The patience of the public, investors and regulators to accept fraud risks will continue to grow thin • The demand for independent, rapid assurance will continue to grow • We are entering a new Age – We need constant, not periodic, visibility 8 © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
9.
Drivers for Change
• Maintenance of continuous state of audit requires: » Provide immediate insight into control violations » Increase audit scope and frequency while reducing costs » From manual to fully automated control testing with integrated view on risks » Reduce recurrent testing/review cost significantly, while focusing on more added value areas • Enterprise risk and controls coverage across all processes and applications • Increasing complexity and integration of systems requires new control methods and tools 9 © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
10.
Vision
Current approach New approach Periodic, mainly manual reviews and Continuous testing via predefined rules and audits of systems and processes tools Broader and deeper scope of testing Sample based manual and computer Exception based automated monitoring aided testing Multiple controls and tools to cover one Optimisation of controls and testing in control objective or risk integrated tool set Inconsistent, decentralized tools and Local controls and testing derived from testing common consistent global rules Mainly focused on regulatory control Extension to other risk areas (operational risks, objectives extend fraud detection, other compliance risks) Further business improvement opportunities Global centralized, standardized and integrated controls management and testing that helps: • Realize efficiency gains through automated and continuous control monitoring • Increase coverage and scope of controls to areas not sufficiently covered today • Embed controls in business processes 10 © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
11.
Over the Last
5 Years Risk Management Has Jumped to the Top of the CFO’s Agenda… Which of These Company-Wide Initiatives Are ‘Very Important’ or ‘Critically Important’ to CFOs? 93% increase 2010 2005 Measuring/ Providing inputs Driving enterprise Supporting/ Driving integration monitoring into enterprise cost reduction managing/ of information business strategy mitigating across the performance enterprise risk enterprise Source: IBM CFO Survey, 2010 11 © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
12.
…But CFOs Say
a Significant Gap Remains Between the Effectiveness & Importance of Internal Controls How Would You Rate the Importance vs. the Effectiveness of These Cross-Enterprise Activities? 28% Gap 16% Gap 23% Gap Importance Effectiveness Executing continuous Strengthening Driving Finance cost Supporting/ managing finance process compliance programs reduction / mitigating enterprise improvements & internal controls risk Source: IBM CFO Survey, 2010 © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 12
13.
The Vast Majority
of Organizations Rely on Manual Methods to Validate The Effectiveness of Their Controls What Methods Do You Use to Provide Management Assurance of Your Controls? Mostly real-time automated Others/not sure checks & dashboards Mix of real-time, manual & automated Mostly periodic checks manual checks/ standard reports Mix of regular manual & automated checks Source: KPMG Continuous Monitoring & Continuous Auditing Survey, 2010 © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 13
14.
The Controls Challenge
for Management & Audit Processes are ignored Processes are ignored Policies cannot be cost- Policies cannot be cost- or circumvented or circumvented effectively enforced effectively enforced What is supposed to happen? Processes What actually does happen? Multiple Risks, Multiple Data Sources © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 14
15.
The myth of
standardisation & control in systems CFOs have invested tens of millions in ERP / Finance Systems to drive: » Process and control standardisation » Business efficiency » Economies of scale However, only some of the value has been released . . . » Many businesses have implemented ERP and achieved; • A standard data input process and control BUT NOT • A standard business process or control © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
16.
Example standard business
process ERP is configured to only allow GR if PO exists, however… 1. Truck drops off shipment, but 3. Purchasing creates PO for no PO exists Shipment 2. Warehouse worker calls up purchasing to create a PO 4. GR is created against PO “The myth of automated business controls in ERP” © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
17.
Fixing the myth
of standardisation & control in systems • Neither management nor audit can rely on system configured controls (automated business controls) alone; • For key controls of high risk or high impact, we need; » Monitoring and Prevention of high risk Segregation of Duties issues » Monitoring of configured control, where it exists » Monitoring of related master data for specific changes » Monitoring of specific business activities/transactions outside accepted or expected boundaries • This gives 360 degree business control visibility for management and audit – Consistent, Continuous, Complete © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 17
18.
Consistent, Continuous, Complete
Testing • Continuous monitoring catches things that just don’t typically get found in entirety including; » Changes to Bank Account details » Change in payment terms or prices on specific orders » Approvals to key changes (such as terms and prices) » SoD checks at the individual level e.g., POs created and released by same person, GR created by same person as approved the PO. » Deliveries with no reference to a Sales Order » Over deliveries » Sales Orders for Customers over Credit Limit » Duplicate payments » ‘Unusual’ GL postings » Multiple PO’s to avoid signoff limits » Nominal value PR’s to ‘make the process work’ © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 18
19.
CA/CCM Landscape is
Confusing “GRC” Components & Related Services Governance Layer Corporate Reporting Align Performance With Documentation / Alignment / Rationalization Corporate Objectives Issue & Enterprise Audit Resolution E-Discovery Risk/Compliance Layer Risk Management Management. Establish The Rules For Business Operations Continuous Control Monitoring (CCM), Testing & Enforcement Policy, procedure & control definition Business/Performance Layer Supply Manuf. ERP Finance HR Sales LOB Assure That Operations Follow Chain Ops. Set Policies and Expectations Health- Transp- Manuf- Financial Pharma Retail Energy care ortation acturing Services SOX Basel II HIPPA FCPA J-SOX PCI Others. Continuous Monitoring Layer Automated testing Provide Insight & Perform Application User Access Master Data Transactions Configuration Specialized Functions (CCM-AC) (CCM-SOD) (CCM-MD) (CCM-T) IT Infrastructure Layer IT Control Monitoring, Testing & Enforcement Assure That Information Is Networks Web E-mail Servers Storage Properly Controlled © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. 19
20.
Continuous Auditing in
Practice © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
21.
© 2010 Approva
Corporation and Consider Solutions Limited. All rights reserved.
22.
© 2010 Approva
Corporation and Consider Solutions Limited. All rights reserved.
23.
User Access Exceptions ©
2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
24.
Business Process Exceptions ©
2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
25.
Process Exceptions –
drilldown into specific issues © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
26.
Process Exceptions –
drilldown – duplicate vendor © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
27.
Continuous Monitoring helps
Risk Assessment Value of Returned Goods by Location © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
28.
. . .
and helps drive Business Improvement Open Sales Orders Not Shipped © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
29.
Case Study: Continuous Auditing
Approach Approach • Systematically examine each Audit Action Sheet, the audit approach, and 75% Automation of Audit Tests the audit objectives • Design an automation and continuous monitoring method, 25% Automated by achieving the same audit objectives Re-Engineering Audit Plan while leveraging CCM/CA Controls • Identify and validate automation 25% Automated by opportunities in 4 key areas: Configuring New CCM/CA Rules 25% Automated With 1. CCM/CA out-of-the-box rules Out-of-the-Box Rules 2. Configure new rules 3. Re-engineer manual AAS tests 25% Not Possible to Automate 4. Not possible to automate 2 © 2009 Approva Corporation. All rights reserved.
30.
Continuous Auditing /
Continuous Controls Monitoring • Can target up to 60-70% of key controls • But, it can be complex » Many Moving Parts, including . . . • Technology • Potentially broad controls and data scope • Multiple systems and processes • Geography, Lines of Business, Organisations & Plants • Managing Stakeholders & Expectations • Reporting and actioning exceptions and issues • Human impact of continuous monitoring » Invariably involves change! © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. © 2008 Approva Corporation. All rights 30 reserved
31.
Some Specific Recommendations
(1) • Be clear and get agreement on ownership and sponsorship • Start simple, narrow risk focussed scope with quantifiable value • Prioritise based on business risk and suitability for automation ... HIGH / HIGHs are the sweet spot • Develop a plan for iterative refinement of entire process. Deploy ... use ... learn ... review ... refine ... extend. Increase breadth in controlled stages. • Review current beliefs and practices in light of each iteration. Is there a better way to test this control or manage this risk? • Deeply engage the business / control owners as part of the assessment / development / testing processes • Be aware that continuous monitoring WILL find more exceptions than periodic sampling. Communicate well and often. © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. © 2006 Approva Corporation. All rights 31 reserved
32.
Some Specific Recommendations
(2) • Implement a robust rule configuration methodology involving required skills. Structured but iterative approach works well. • Define a robust rule testing strategy which closely involves the business / control owners. • Define and agree business deployment strategy before rolling out. e.g. practical information dissemination and alerting strategy that makes it easy for the stakeholders. Work out how the stakeholders will use the output, confirm priority of exceptions, and agree types of actions needed. • Reporting: Ensure the content is filtered appropriately for the target community so they only see relevant information. Ensure report output is appropriate for the target community. © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. © 2006 Approva Corporation. All rights 32 reserved
33.
Work Streams to
consider when Planning • CCM/CA Project » Vision & objectives setting and stakeholder buy-in » Narrow Path Pilot to develop and test full cycle controls testing from control confirmation to business action and remediation » Extend to next LOB, geography, control set » Iterate • Don’t invest in technology until you have proven the value in a Narrow Path Pilot . . . © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved. © 2008 Approva Corporation. All rights 33 reserved
34.
Implementation
Controls Definition & Optimization Considerations IT Planning & Operability Information Dissemination & Exception Action Planning Planning & Pilot “Business As Usual” Management on Narrow Path Scope Roll-Out & Follow-On Planning © 2010 Approva Corporation and Consider Solutions Limited. All rights reserved.
35.
The Business Case
• The vision and rationale » Enable a comprehensive controls testing environment for optimised risk coverage, visibility of control effectiveness, elimination of fraud and waste and process (& system) simplification and standardisation • Tangible benefits of Continuous Audit » Cost savings OR Cost avoidance • Internal Audit Effort • External Audit Effort • Finance Effort • IT Effort • Other External effort » Both centrally and locally (often disguised in other activities) • Improved risk profile – 100% control testing • Efficiencies and cost savings in core business processes • Operational intelligence for business exceptions • Driving process standardisation and economies of scale © 2009 Approva Corporation and Consider Solutions Limited. All rights reserved. © 2009 Approva Corporation. All rights reserved.
36.
Companies Expect to
See Significant Benefits From Their Deployment of CCM Applications In What Areas Do You Expect to See the Most Significant Benefits With CCM Applications? Source: AMR Research, 2009 © 2009 Approva Corporation. All rights reserved. 36
37.
Stakeholder views on
CCM/CA CFO / Internal CIO/ Compliance/ Finance Audit IT Risk • Increased • Reduced • Reduced time • Improved visibility business testing time for to support into key risks efficiency routine controls audits • Reduced risk of • Improved • Reduced IT • Reduced time and adverse audit internal auditor cost of cost for monitoring findings & fraud utilization ownership controls © 2009 Approva Corporation. All rights reserved.
38.
Continuous Auditing &
Continuous Monitoring Complementary Business Goals of Continuous Auditing & Continuous Monitoring Value Business Process Transaction Processing Optimization Costs Performance Performance & Strategy Management Performance Financial Improvement Cash Leaks Reporting Accuracy (continuous monitoring) Operational Benefits Fraud Prevention Risk Management & Improved Audit Operational Improvement Quality & Effectiveness Reduced Audit Costs Reduced Audit Preparation Costs Regulatory Compliance Automated Audit Testing Audit Benefits (continuous auditing) © 2009 Approva Corporation. All rights reserved. 38
39.
More than 50%
of Organizations Are Considering or Piloting Continuous Auditing & Monitoring Tools How Widespread Is the Use of Technology to Support Continuous Auditing & Continuous Monitoring? Widespread use of dedicated auditing & monitoring tools Not at all or don’t know Limited/pilot use of dedicated auditing & monitoring tools Considering the Use standard use of dedicated reporting (e.g. auditing & from ERP monitoring tools system) Source: KPMG Continuous Monitoring & Continuous Auditing Survey, 2010 © 2009 Approva Corporation. All rights reserved. 39
40.
The Value of
Effective, Assured Controls • Better risk identification, mitigation and management • Knowledge that the business runs ‘as advertised’ • Revenue is solid, cash is collected, expenses are valid, tax position is correct, accrual values are fair, waste & fraud is eliminated • Stakeholders (internal and external) have greater confidence in results, operations, controls and management So the question remains; ‘is continuous, automated testing more cost effective?’ © 2009 Approva Corporation and Consider Solutions Limited. All rights reserved. © 2009 Approva Corporation. All rights reserved.
41.
In God we
trust . . . . Everyone else gets (continuously) audited! © 2009 Approva Corporation. All rights reserved. 41
42.
Questions?
Contact Details dfrench@consider.biz www.iloveagoodaudit.com / © 2009 Approva Corporation. All rights reserved. 42
43.
IACON 2010
Taking the Internal Audit Profession Forward Continuous Auditing: Technology Enabled Continuous Assurance Dan French - Consider Solutions Consider Solutions are the European distribution operation for Approva © 2009 Approva Corporation. All rights reserved. 43
Télécharger maintenant