Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conference 2009 Feb 26
Joe Oringel
IIA District Conference in Raleigh NC, February 2009
1. IIA Spring District Conference
Data Analytics Fraud / Ethics Track
Matt Cleaver
Joe Oringel
IIA District Conference Durham NC February 26, 2009
2. Scheduling and Resource Overview
Our Internal Audit Team
• Audit team of 6 FTE’s
• Annual Audit Responsibilities
• 16 High Risk Strategic Audits
• SOX 404 Compliance Testing
• ERM Integration
• Special Projects (10-20% of resources)
• Direct Assistance to External Auditors
Visual Risk IQ – GRC thought leadership, practically applied
© 2008 Visual Risk IQ, LLC, All Rights Reserved
3. Company Background
One of the nation's leading Yellow Pages and online local commercial search companies.
• $2.5B annual revenues
• 600K+ customers
• 20K+ suppliers
• 4K+ employees
• 28 state territory
4. Expense Management Audit Background
• Automated AP Processing system with decentralized manual invoice entry
• Oracle Processing and GL environment
• Over 15 separate legal and operating business entities
5. Company hired Visual Risk IQ for Data Analysis including Continuous Auditing
• Visual Risk IQ project approach was distinctive
• One-time use of a modern continuous auditing (CA) tool
• Data acquisition was simple - one Oracle export
• Large library of existing risk checks
• Data validation was a breeze
• CA Maturity model was central to service delivery
• Knowledge transfer, not buying hours
• Practical advice on using our existing tools
• Helped us understand differences between ACL, ERP query tools, and advanced Continuous Auditing
6. Brainstorming session was an integral part of audit project planning
• Assume data acquisition is free
• What other data sources would be useful?
• Is the data available internally?
• Could external data sources provide additional comfort?
• What are the Fraud Risk / SAS 99 implications?
• Compliance, efficiency objectives? Both?
7. Audit Procedures
• Gather and Validate Complete Population
• Validate $ amounts against General Ledger
• Validate user responsibilities and access rights
• Validate Requisitioner/Approver and limits
• Identify Potential Duplicate Payments
• Identify Potential Fraudulent Purchases
• Unusual relationships between Bank Accounts
• Unusual relationships between Addresses
8. A basic continuous auditing maturity model
People
• Basic practices: Staff has some basic data literacy. Knows how to ask IT for information.
• Level 2 practices: Some IT- and data-specific specialists are accessible, either in-house or as consultants
• Better practices: Audit staff and leaders are IT- and data-literate. Little distinction between IT audit and financial / operational audit people
• Continuous auditing: No need for ad hoc data acquisition - CA and CCM systems are well-integrated into finance and operations
Technology
• Basic practices: Basic data capture and analysis using MS-Office or ERP Query tools. Heavy reliance on Corporate IT
• Level 2 practices: Some re-usable scripts exist and are used on-demand for relevant audit projects
• Better practices: Scripts are stored, scheduled, and run at appropriate intervals
• Continuous auditing: Continuous auditing and monitoring technologies contribute to all audit steps
Governance
• Basic practices: Business is reactive to requests from Internal Audit and usually helps in a timely way.
• Level 2 practices: Audit can access data directly
• Better practices: IT consults with IA prior to making system changes that are known to affect IA.
• Continuous auditing: Data driven early warning / risk alerts include both business and controls / audit implications.
Audit methodology
• Basic practices: Risk assessments are conducted annually
• Level 2 practices: Risk assessments are conducted more frequently than annually
• Better practices: Risk assessments consider objective and subjective data. Gaps between objective and subjective assessments are highlighted
• Continuous auditing: Risk alerts are embedded into the IA methodology and drive specific responses real-time
9. Maturity Model Implications for Company
• Strong data analysis skills created flexibility and capacity for what Audit could take on
• Good audit charter - broad access to data
• Basic data analytics technology existed, and more was available with ERP queries
• Opportunity for more frequent control assessment
• Make tests preventive by changing when they’re done
10. Expense Management Analysis
• Analyzed all AP disbursements over 24 months using ACL
• Scripts were leveraged from VRIQ training session
• Approximately 20 different scripts were run
• Confirming over $2.5M of duplicate payments
• Since identification, over $2.2M recovered
11. Root Cause Issues
• Negligent Manual Overrides
• Invoice # manipulation (append with numeric or alphanumeric characters)
• Transposed Invoice / Payment date
• Inconsistent vendor naming convention (ex. “Oracle” vs “Oracle Inc.”)
• System Coding (single entity view)
• System designed to evaluate identical invoices within single entity
• Over 15 paying legal entities
12. Audit Recommendations
• System enhancements to identify duplicate payments across all legal entities
• Matching $ amounts, invoice numbers, and vendor name/invoice date as potential duplicates
• Continuous monitoring by IA using ACL
• Weekly 1.5 hour investment has prevented additional $300k in duplicate payments
• Oracle extract query developed to identify duplicates prior to payment (process owner review)
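Added example, not part of the original presentation and not the ACL scripts or Oracle query it mentions: a cross-entity duplicate-payment check in Python that follows the matching rule in the recommendations above (same $ amount, plus a matching invoice number or a matching vendor name and invoice date) and tolerates two of the listed root causes, appended invoice-number characters and inconsistent vendor naming. The record layout, the sample payments, the suffix list and the two-character tolerance are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import date
from decimal import Decimal
from itertools import combinations
from typing import NamedTuple

class Payment(NamedTuple):  # hypothetical record layout for an AP export
    pay_id: str
    entity: str
    vendor: str
    invoice_no: str
    invoice_date: date
    amount: Decimal

# Constructed sample disbursements (not data from the presentation).
PAYMENTS = [
    Payment("P1", "ENTITY-01", "Oracle", "INV-1001", date(2008, 3, 1), Decimal("12500.00")),
    Payment("P2", "ENTITY-07", "Oracle Inc.", "INV1001A", date(2008, 3, 1), Decimal("12500.00")),
    Payment("P3", "ENTITY-01", "Acme Paper", "7781", date(2008, 4, 2), Decimal("310.40")),
    Payment("P4", "ENTITY-03", "ACME PAPER LLC", "9902", date(2008, 4, 2), Decimal("310.40")),
    Payment("P5", "ENTITY-02", "Globex Corp", "5510", date(2008, 5, 9), Decimal("310.40")),
    Payment("P6", "ENTITY-02", "Initech", "A-77", date(2008, 6, 1), Decimal("99.00")),
]

# Assumed list of legal-form suffixes to ignore when comparing vendor names.
SUFFIXES = {"inc", "llc", "corp", "co", "ltd", "incorporated", "corporation", "company"}

def norm_vendor(name):
    """Lower-case, drop punctuation and trailing legal-form suffixes."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    while len(words) > 1 and words[-1] in SUFFIXES:
        words.pop()
    return " ".join(words)

def norm_invoice(number):
    """Upper-case, keep only letters and digits, drop leading zeros."""
    return re.sub(r"[^A-Z0-9]", "", number.upper()).lstrip("0")

def invoice_match(a, b, max_suffix=2):
    """True if the numbers are equal or one is the other plus a short appended suffix."""
    short, long_ = sorted((norm_invoice(a), norm_invoice(b)), key=len)
    return bool(short) and long_.startswith(short) and len(long_) - len(short) <= max_suffix

def find_potential_duplicates(payments):
    """Return (id_a, id_b, cross_entity, reasons) for pairs a reviewer should look at."""
    by_amount = defaultdict(list)
    for p in payments:            # compare across ALL entities, not within one
        by_amount[p.amount].append(p)
    findings = []
    for group in by_amount.values():
        for x, y in combinations(group, 2):
            reasons = []
            if invoice_match(x.invoice_no, y.invoice_no):
                reasons.append("invoice_number")
            if norm_vendor(x.vendor) == norm_vendor(y.vendor) and x.invoice_date == y.invoice_date:
                reasons.append("vendor_and_invoice_date")
            if reasons:
                findings.append((x.pay_id, y.pay_id, x.entity != y.entity, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_potential_duplicates(PAYMENTS):
        print(finding)
```

The pairs returned are candidates for process-owner review, not confirmed duplicates; the prefix tolerance deliberately trades some false positives for catching suffixed invoice numbers.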
13. Additional ACL Analytics
• Pricing and Discounts
• 1.7M transactions totalling $1.4B revenue
• Trending Analysis (YoY, market, brand, item, etc.)
• Price overrides through inappropriate discounting
• Identification of obsolete programs
• Commissions
• Customer set-up
• Customer classification
• Calculation of commissions
14. Questions / Wrap-up
Matt Cleaver
matthew.cleaver@rhd.com
(919) 447-4846
Joe Oringel
(704) 752-6403
joe.oringel@visualriskiq.com
15. Visual Risk IQ Points of distinction
• We focus solely on emerging enablers for continuous auditing and monitoring
  – Educating the market
  – Rapid, low-cost, value-focused pilot projects
• Our clients’ business objectives and current state of maturity drive our recommendations and projects
• People and process changes are primary, supported, as appropriate, with enabling technologies
• We maintain an in-depth, up-to-date knowledge of all software and process solutions within the categories
• Key to our success are alliance relationships with leading software providers and a broad array of complementary professional service firms