ACL Solutions for Continuous Auditing and Monitoring John Verver CA,
18 Slides696.00 KB
ACL Solutions for Continuous Auditing and Monitoring John Verver CA, CISA, CMC Vice President, Professional Services & Product Strategy ACL Services Ltd
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 2 Continuous Auditing and Monitoring: Where are we? Where are we going? ACL has 11,000 user organizations globally 33-40% of organizations consider they perform some form of Continuous Auditing Chief Audit Executive surveys indicate Continuous Auditing and Monitoring usage will more than double by 2012
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 3 Continuous Auditing – ACL’s Experience Wide variation in CA approach and techniques CA part of a continuum of analytic usage Flexibility is key
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 4 Continuum of Audit Analytics One-off analysis and testing Automated analyses and tests Managed and deployed from a central environment Continual execution of automated audit and monitoring tests to identify errors, fraud and anomalies on a timely basis 24 7 365 ad hoc repetitive continuous
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 5 Continuous Auditing: Issues to Address Data access and management Quality and control Sustainability and productivity People and process
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 6 Enabling the Continuum of Audit Analytics A MANAGED ANALYTICS PLATFORM for AUDIT Secure controlled access to data Configuration, automation and scheduling of tests Management of tests, documentation, findings, logs, workflow One common platform 24 7 365 ad hoc repetitive continuous
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 7 Query & Analysis Reporting & Presentation In-depth analysis Audit-specific commands & scripting Advanced analytics and predictive modeling Centralized logging Management & Automation Query & Analysis Analytic Library Audit repository User access & rights, data security Centralized tests and processing Continuous auditing management Configuration & management Data Access Management & Automation Access, extract, transform, load Specialized format connectors Audit data repository Reporting & Presentation Data Access Templates, charting Dashboard integration Report deployment and maintenance Analytic Library Packaged analytics, key business processes
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 8 Audit Analytics Repository Management & Automation User access & rights Scheduling Administration Data Data sets for each audit area Data dictionaries Data management & refresh Search Security Analytics Test library Test documentation “Best Practices” documentation Findings & Results Results management Specific findings Logs & other documentation
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 9 Populating and Refreshing the Audit Data Repository INFORMATICA for ACL AuditExchange o o Industry leading technology for ETL (Extract Transform Load) Connectors for any enterprise data PowerCenter: Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL Server, dBase B2B Complex Data Exchange: PDF, XML, XBRL, Excel PowerExchange Specialized data formats – HIPPAA etc ACL Data Access, including Direct Link for SAP
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 10 ACL: Continuous Auditing and Continuous Monitoring ACL AuditExchange Enables Best Practices in Audit Analytics Provides a secure, controlled, well-managed and sustainable environment for the continuum of Audit Analytics – Ad Hoc through Continuous Auditing o Provides benefits of Audit Analytics to the entire audit team, according to roles o A reliable environment for Continuous Auditing o o ACL Continuous Controls Monitoring o o o o o o Provides management and audit with insight into control effectiveness Monitors all transactions throughout business process cycles Tests against suites of control rules Identifies and quantifies exceptions on a timely basis Supports exception resolution and control remediation Configuration and management of the monitoring process
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 11 ACL Continuous Controls Monitoring Technology Framework
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 12 ACL CCM Product Suite Continuous testing of transactions in core business process areas against sets of internal control rules Purchase to Pay Procurement Card Travel & Entertainment Payroll Order To Cash General Ledger
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 13 ACL CCM Product Suite Browser-based interface: o o o o Manage Continuous Monitoring process Security and Administration Manage test parameters View, report and manage exceptions
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 14 ACL CCM Product Suite – Large Enterprise Version Advanced capabilities for complex large scale enterprise monitoring For 10 control entities: o o o Enhanced multi-entity configuration Enhanced multi-entity parameter management Enhanced workflow and remediation
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 15 ACL Enterprise Continuous Monitoring at ACL audit analytics used for many years in Siemens entity internal audit organizations Siemens Power Generation one of first organizations to implement ACL CCM Purchase to Pay 2004 2008 implementation of ACL Continuous Monitoring – Large Enterprise Version for Purchase to Pay systems across entire Siemens enterprise Believed to be largest purchase-payment transaction monitoring project in the world
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 16 Enterprise Controls Monitoring at Siemens Scale All corporate entities (currently 900 ) All Purchase to Pay transactions Daily with 90 days running history 27 control tests 275 different data sources & applications Average 5GB of source data analyzed per entity Primary integration environment: analysis of 200GB data for 400 entities
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 17 Enterprise Controls Monitoring at Siemens Exceptions: workflow process Process managed by entity business owners o o review all exceptions assign appropriate category Unresolved exceptions automatically escalated through multiple CFO levels
ACL Services Ltd. Copyright 2008 ACL Services Ltd. 18 Questions? Contact: john [email protected]