ACL Solutions for Continuous Auditing and Monitoring John Verver CA, CISA, CMC Vice President, Professional Services & Product Strategy ACL Services Ltd ACL Services Ltd Copyright © 2008 ACL Services Ltd Continuous Auditing and Monitoring: Where are we? Where are we going? • ACL has 11,000+ user organizations globally • 33-40% of organizations consider they perform some form of Continuous Auditing • Chief Audit Executive surveys indicate Continuous Auditing and Monitoring usage will more than double by 2012 ACL Services Ltd Copyright © 2008 ACL Services Ltd Continuous Auditing – ACL’s Experience • Wide variation in CA approach and techniques • CA part of a continuum of analytic usage • Flexibility is key ACL Services Ltd Copyright © 2008 ACL Services Ltd Continuum of Audit Analytics • • One-off analysis and testing • Automated analyses and tests Managed and deployed from a central environment • Continual execution of automated audit and monitoring tests to identify errors, fraud and anomalies on a timely basis 24 •7• 365 ad hoc repetitive continuous ACL Services Ltd Copyright © 2008 ACL Services Ltd Continuous Auditing: Issues to Address • • • • Data access and management Quality and control Sustainability and productivity People and process ACL Services Ltd Copyright © 2008 ACL Services Ltd Enabling the Continuum of Audit Analytics A MANAGED ANALYTICS PLATFORM for AUDIT Secure controlled access to data Configuration, automation and scheduling of tests Management of tests, documentation, findings, logs, workflow One common platform 24 •7• 365 ad hoc repetitive continuous ACL Services Ltd Copyright © 2008 ACL Services Ltd Query & Analysis • • • • Reporting & Presentation In-depth analysis Audit-specific commands & scripting Advanced analytics and predictive modeling Centralized logging Management & Automation Query & Analysis Analytic Library • • • • • Audit repository User access & rights, data security Centralized tests and processing Continuous auditing management Configuration & management Data Access Management & Automation • • • Access, extract, transform, load Specialized format connectors Audit data repository Reporting & Presentation Data Access • • • Templates, charting Dashboard integration Report deployment and maintenance Analytic Library • Packaged analytics, key business processes ACL Services Ltd Copyright © 2008 ACL Services Ltd Audit Analytics Repository Management & Automation • User access & rights • • Scheduling Administration Data • Data sets for each audit area • Data dictionaries • Data management & refresh • • Search Security Analytics • Test library • Test documentation • “Best Practices” documentation Findings & Results • Results management • Specific findings • Logs & other documentation ACL Services Ltd Copyright © 2008 ACL Services Ltd Populating and Refreshing the Audit Data Repository • INFORMATICA for ACL AuditExchange o Industry leading technology for ETL (Extract Transform Load) o Connectors for any enterprise data PowerCenter: Flat files, delimited text, XML, Access, Oracle, Sybase, Teradata, ODBC, Informix, SQL Server, dBase B2B Complex Data Exchange: PDF, XML, XBRL, Excel PowerExchange Specialized data formats – HIPPAA etc • ACL Data Access, including Direct Link for SAP ACL Services Ltd Copyright © 2008 ACL Services Ltd 10 ACL: Continuous Auditing and Continuous Monitoring • ACL AuditExchange Enables Best Practices in Audit Analytics Provides a secure, controlled, well-managed and sustainable environment for the continuum of Audit Analytics – Ad Hoc through Continuous Auditing o Provides benefits of Audit Analytics to the entire audit team, according to roles o A reliable environment for Continuous Auditing o o • ACL Continuous Controls Monitoring o o o o o o Provides management and audit with insight into control effectiveness Monitors all transactions throughout business process cycles Tests against suites of control rules Identifies and quantifies exceptions on a timely basis Supports exception resolution and control remediation Configuration and management of the monitoring process ACL Services Ltd Copyright © 2008 ACL Services Ltd 11 ACL Continuous Controls Monitoring Technology Framework ACL Services Ltd Copyright © 2008 ACL Services Ltd 12 ACL CCM Product Suite • Continuous testing of transactions in core business process areas against sets of internal control rules Purchase to Pay Procurement Card Travel & Entertainment Payroll Order To Cash General Ledger ACL Services Ltd Copyright © 2008 ACL Services Ltd 13 ACL CCM Product Suite • Browser-based interface: o o o o Manage Continuous Monitoring process Security and Administration Manage test parameters View, report and manage exceptions ACL Services Ltd Copyright © 2008 ACL Services Ltd 14 ACL CCM Product Suite – Large Enterprise Version • Advanced capabilities for complex large scale enterprise monitoring • For 10+ control entities: o o o Enhanced multi-entity configuration Enhanced multi-entity parameter management Enhanced workflow and remediation ACL Services Ltd Copyright © 2008 ACL Services Ltd 15 ACL Enterprise Continuous Monitoring at • ACL audit analytics used for many years in Siemens entity internal audit organizations • Siemens Power Generation one of first organizations to implement ACL CCM Purchase to Pay 2004 • 2008 implementation of ACL Continuous Monitoring – Large Enterprise Version for Purchase to Pay systems across entire Siemens enterprise • Believed to be largest purchase-payment transaction monitoring project in the world ACL Services Ltd Copyright © 2008 ACL Services Ltd 16 Enterprise Controls Monitoring at Siemens Scale • • • • • • • All corporate entities (currently 900+) All Purchase to Pay transactions Daily with 90 days running history 27 control tests 275 different data sources & applications Average 5GB of source data analyzed per entity Primary integration environment: analysis of 200GB data for ~400 entities ACL Services Ltd Copyright © 2008 ACL Services Ltd 17 Enterprise Controls Monitoring at Siemens Exceptions: workflow process • Process managed by entity business owners o o review all exceptions assign appropriate category • Unresolved exceptions automatically escalated through multiple CFO levels ACL Services Ltd Copyright © 2008 ACL Services Ltd 18 Questions? Contact: john_verver@acl.com