ACL Solutions for Continuous Auditing and Monitoring John
- Slides: 18
ACL Solutions for Continuous Auditing and Monitoring John Verver CA, CISA, CMC Vice President, Professional Services & Product Strategy ACL Services Ltd
ACL Services Ltd. Continuous Auditing and Monitoring: Where are we? Where are we going? Copyright © 2008 ACL Services Ltd. 2 a. ACL has 11, 000+ user organizations globally a. 33 -40% of organizations consider they perform some form of Continuous Auditing • Chief Audit Executive surveys indicate Continuous Auditing and Monitoring usage will more than double by 2012
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 3 Continuous Auditing – ACL’s Experience a. Wide variation in CA approach and techniques a. CA part of a continuum of analytic usage a. Flexibility is key
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 4 Continuum of Audit Analytics a. One-off analysis and testing a. Automated analyses and tests b. Managed and deployed from a central environment a. Continual execution of automated audit and monitoring tests to identify errors, fraud anomalies on a timely basis 24 7 365 ad hoc repetitive continuous
ACL Services Ltd. Continuous Auditing: Issues to Address a. Data access and management • Quality and control • Sustainability and productivity • People and process Copyright © 2008 ACL Services Ltd. 5
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 6 Enabling the Continuum of Audit Analytics A MANAGED ANALYTICS PLATFORM for AUDIT Secure controlled access to data Configuration, automation and scheduling of tests Management of tests, documentation, findings, logs, workflow One common platform 24 7 365 ad hoc repetitive continuous
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 7 Query & Analysis a. • • Reporting & Presentatio n • In-depth analysis Audit-specific commands & scripting Advanced analytics and predictive modeling Centralized logging Management & Automation Query & Analysis Analytic Library a. • • Audit repository User access & rights, data security Centralized tests and processing Continuous auditing management Configuration & management Data Access Management & Automation a. • • Access, extract, transform, load Specialized format connectors Audit data repository Reporting & Presentation Data Access a. • • Templates, charting Dashboard integration Report deployment and maintenance Analytic Library a. Packaged analytics, key business processes
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 8 Audit Analytics Repository Management & Automation a. User access & rights a. Scheduling b. Administrati on Data a. Data sets for each audit area • Data dictionaries • Data management & refresh a. Search b. Security Analytics a. Test library • Test documentation • “Best Practices” documentation Findings & Results a. Results management • Specific findings • Logs & other documentation
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 9 Populating and Refreshing the Audit Data Repository a. INFORMATICA for ACL Audit. Exchange o o Industry leading technology for ETL (Extract Transform Load) Connectors for any enterprise data § Power. Center: § Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL Server, d. Base § B 2 B Complex Data Exchange: § PDF, XML, XBRL, Excel § Power. Exchange § Specialized data formats – HIPPAA etc • ACL Data Access, including Direct Link for SAP
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 10 ACL: Continuous Auditing and Continuous Monitoring a. ACL Audit. Exchange Enables Best Practices in Audit Analytics Provides a secure, controlled, well-managed and sustainable environment for the continuum of Audit Analytics – Ad Hoc through Continuous Auditing c. Provides benefits of Audit Analytics to the entire audit team, according to roles d. A reliable environment for Continuous Auditing a. b. ACL Continuous Controls Monitoring a. b. c. d. e. f. Provides management and audit with insight into control effectiveness Monitors all transactions throughout business process cycles Tests against suites of control rules Identifies and quantifies exceptions on a timely basis Supports exception resolution and control remediation Configuration and management of the monitoring process
ACL Services Ltd. ACL Continuous Controls Monitoring Technology Framework Copyright © 2008 ACL Services Ltd. 11
ACL Services Ltd. ACL CCM Product Suite Copyright © 2008 ACL Services Ltd. 12 a. Continuous testing of transactions in core business process areas against sets of internal control rules Purchase to Pay Procurement Card Travel & Entertainment Payroll Order To Cash General Ledger
ACL Services Ltd. ACL CCM Product Suite a. Browser-based interface: a. b. c. d. Manage Continuous Monitoring process Security and Administration Manage test parameters View, report and manage exceptions Copyright © 2008 ACL Services Ltd. 13
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 14 ACL CCM Product Suite – Large Enterprise Version a. Advanced capabilities for complex large scale enterprise monitoring b. For 10+ control entities: a. b. c. Enhanced multi-entity configuration Enhanced multi-entity parameter management Enhanced workflow and remediation
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 15 ACL Enterprise Continuous Monitoring at a. ACL audit analytics used for many years in Siemens entity internal audit organizations b. Siemens Power Generation one of first organizations to implement ACL CCM Purchase to Pay 2004 c. 2008 implementation of ACL Continuous Monitoring – Large Enterprise Version for Purchase to Pay systems across entire Siemens enterprise d. Believed to be largest purchase-payment transaction monitoring project in the world
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 16 Enterprise Controls Monitoring at Siemens Scale a. All corporate entities (currently 900+) • All Purchase to Pay transactions • Daily with 90 days running history • 27 control tests • 275 different data sources & applications • Average 5 GB of source data analyzed per entity • Primary integration environment: analysis of 200 GB data for ~400 entities
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 17 Enterprise Controls Monitoring at Siemens Exceptions: workflow process a. Process managed by entity business owners o o review all exceptions assign appropriate category • Unresolved exceptions automatically escalated through multiple CFO levels
ACL Services Ltd. Copyright © 2008 ACL Services Ltd. 18 Questions? Contact: john_verver@acl. com
Continuous monitoring vs continuous auditing
Continuous control monitoring tools
Auditing through the computer
Standards vs procedures
Acl solutions
Past future present
Chapter 9 auditing the revenue cycle solutions
Real time auditing definition
Continuous auditing
Continuous auditing workflow
Continuous auditing automation
Continuous auditing workflow
Continuous auditing workflow
Past simple present simple future simple
Acl 9000
Decatipus acl
Ccna chapter 7
Natalie kon-yu
Acl rules
