Practical Issues of Implementing Continuous Assurance Systems Presented by John Verver CA, CISA, CMC to the 5th Continuous Assurance Symposium November.

Presentation transcript:


Implementing Continuous Assurance Systems
- Status of use of continuous assurance implementations.
- What is meant by “continuous”?
- The practical issues of integrating continuous auditing/monitoring procedures to the data and the underlying application.
- Defining the control parameters to be tested.
- Setting the thresholds for reporting and priorities for notifications.
- Software functionality required to support continuous monitoring.

Status of continuous assurance implementations within the ACL user base:
- ACL user base includes over 150,000 licensed users:
  - The Final 4
  - 89 of the Fortune 100
  - 44% of the Global 500
  - 30+ national governments and virtually all US state governments
- Very few organizations have fully embedded and automated continuous auditing/monitoring applications
- Most “Continuous Monitoring applications” are simply series of automated data analysis tests that are run on a regular basis, and are manually initiated - not true continuous applications, e.g.:
  - Detecting indicators of fraud
  - Identifying duplicate and other overpayments

“Continuous” Assurance Applications:
- Automated analyses that test transactional data against defined control parameters/rules
- Generally independent of the underlying business application system
- Run automatically on a daily / weekly basis (occasionally more frequently)
- Automatically generate exception reports / alerts
- Detective more than preventative

Most common application areas among ACL user base:
- General business process:
  - Purchase / Payments cycle
  - Vendor fraud
  - Expense claims
- Industry-specific:
  - Money laundering, anti-terrorist legislation
  - Insurance claims
  - Medicare/Medicaid compliance

[Diagram: Continuous Monitoring Application. Labels: Independent, comprehensive series of control tests; Payments system; Continuous Monitoring system]

Why are they needed?
- Confirmation that controls built into application systems are operating effectively
- Make up for lack of controls in application systems

Getting to the data:
- Direct access vs extract
  - Direct access to mainframe / server data usually preferable
  - Data extract may be preferable to minimise processing impact
- Define the “data slice”
  - Decide on the point at which to take the slice (Time-based? Process-based? Depends on underlying application system and timing of CA process)
  - Ensure that all transactions are captured since the last test process

[Diagram: Money-laundering application. Labels: DDA Files (DB/2); ACL for OS/390 Client Server; ACL for Windows Client; Control parameters defined within ACL “rules-engine”; Customer names, Account Master; Daily Account History; Adjust alert sensitivity; File of suspect transactions; Reports and alerts; Distributed by; Lower Priority reports; High priority alerts; Processing log; ACL daily extract / monitoring process launched by JCL and Windows Schedulers; Additional analysis by ACL of suspect transactions]

Establishing the control parameters:
- Identify specific control exposures
- Identify indicators of risk
- Use transactional analysis to determine if conditions exist for which no controls have been designed or risks identified
- Define specific control parameters / tests
- Establish sensitivity thresholds for reporting and alerts
  - “Scoring/weighting” of events dependent upon combination of control parameters that are failed and indicators of risk
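The following is an added example, not code from the presentation or from ACL, showing one way the "data slice" and "scoring/weighting" points above fit together for a payments cycle: a watermark ensures every transaction since the last run is tested exactly once, and failed control tests are weighted into a score that selects a lower-priority report or a high-priority alert. The rule names, weights, thresholds, approval limit and ledger records are all assumptions made for illustration.

```python
# Added illustration; rule names, weights, thresholds and sample data are assumptions.
from dataclasses import dataclass, field

APPROVAL_LIMIT = 10_000          # assumed approval limit for a single payment
WEIGHTS = {"duplicate_invoice": 60, "just_under_limit": 25, "self_approved": 40}
REPORT_AT, ALERT_AT = 25, 60     # sensitivity thresholds (the tunable parameters)

@dataclass
class State:
    watermark: int = 0                       # highest sequence number already tested
    seen: set = field(default_factory=set)   # (vendor, invoice, amount) from earlier runs

def take_slice(ledger, state):
    """Process-based data slice: everything posted since the last test run."""
    return sorted((t for t in ledger if t["seq"] > state.watermark),
                  key=lambda t: t["seq"])

def failed_rules(txn, state):
    failed = []
    if (txn["vendor"], txn["invoice"], txn["amount"]) in state.seen:
        failed.append("duplicate_invoice")           # control test
    if 0.95 * APPROVAL_LIMIT <= txn["amount"] < APPROVAL_LIMIT:
        failed.append("just_under_limit")            # indicator of risk
    if txn["created_by"] == txn["approved_by"]:
        failed.append("self_approved")               # control test
    return failed

def run_cycle(ledger, state):
    """One monitoring run: slice, test, score, classify, advance the watermark."""
    exceptions = []
    for txn in take_slice(ledger, state):
        failed = failed_rules(txn, state)
        score = sum(WEIGHTS[r] for r in failed)
        if score >= REPORT_AT:
            level = "alert" if score >= ALERT_AT else "report"
            exceptions.append((txn["seq"], level, score, failed))
        state.seen.add((txn["vendor"], txn["invoice"], txn["amount"]))
        state.watermark = txn["seq"]
    return exceptions

# Constructed sample ledger (not real data).
LEDGER = [
    {"seq": 1, "vendor": "V100", "invoice": "A-17", "amount": 4200.0, "created_by": "kim", "approved_by": "lee"},
    {"seq": 2, "vendor": "V200", "invoice": "B-02", "amount": 9900.0, "created_by": "kim", "approved_by": "lee"},
    {"seq": 3, "vendor": "V100", "invoice": "A-17", "amount": 4200.0, "created_by": "raj", "approved_by": "lee"},
    {"seq": 4, "vendor": "V300", "invoice": "C-55", "amount": 9800.0, "created_by": "pat", "approved_by": "pat"},
]
```

Because the state persists between runs, a duplicate of an invoice paid in an earlier slice is still caught, and re-running against an unchanged ledger produces no repeat exceptions.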

ACL functionality that supports Continuous Assurance applications:
- Analytical and inquiry processes that support audit and control procedures
- Direct data access, e.g.:
  - ACL OS/390 Client Server
  - Direct Link for SAP R/3
  - ODBC-compliant databases
- NOTIFY: notification of reports and alerts
- Complete logging of processes
- Definition of control parameters (“rules-engine”)
- Development of interactive and automated applications

Example of interface for tuning monitoring parameters. Note: This amount can be modified from the parameters menu.

Example of interface for tuning monitoring parameters

Example of ACL Notify command