Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mission Risk & Internal Control The New Normal

Published byGwenda Kennedy Modified over 9 years ago

Similar presentations

Presentation on theme: "Mission Risk & Internal Control The New Normal"— Presentation transcript:

1 Mission Risk & Internal Control The New Normal
November 18, 2015 Derek Davison Tashu Trivedi

2 Introductions Tashu Trivedi, President and CEO, TFC Consulting, Inc.
Over 23 years of Federal audit and financial management experience Former KPMG senior audit manager Extensive knowledge of OMB and GAO internal control requirements Chair of AGA’s CPAG Small Business Committee Derek Davison, Owner, DLD Consulting, Inc. 15 years of Federal and commercial financial modeling and risk analytics experience Modeled and analyzed over $2.5 Trillion in Federal assets and guarantees Regularly works in highly scrutinized environments Former Director of Development of FI Consulting

3 Session Objectives Discuss overall trends in risk management & internal control Demonstrate and improve awareness of analysis techniques Demonstrate tools and data that could become part of the solution

4 Current Trends in Internal Control
Shift from financial risk to mission risk Emphasis on ERM approach More emphasis on fraud, waste, and abuse More data analytics and continuous monitoring required Democratization of data Downward budget pressures (Do more with less)

5 Overall Movement Towards Mission Risk
COSO 1992: Internal Control–Integrated Framework Leading internal controls framework Periodically updated (most recently in 2013) (Likely) OMB A-123 Revisions Based on COSO and the UK Orange Book Require ERM approach Emphasize portfolio of risks that effect mission not just financial risk State and Local Governments Many state and local governments have already adopted COSO or implemented similar ERM solutions

6 What is Mission Risk? Financial Risk Credit Risk Operations Risk Reputation Risk Cyber Security Risk Privacy Risk Fraud, Waste, Abuse Risk Program Risk Market Risk Technology Risk Disaster Risk All Other Risks Consists of all risks, both positive or negative, that effects the ability of an entity to achieve its objectives. Should be viewed as a portfolio of risks Better understand interconnectedness between risks

7 COSO Framework Control Environment Risk Assessment Control Activities
Information & Communication Monitoring Activities

8 Analytical Techniques
Continuous Monitoring/Dashboards Heat Maps Geospatial & Multiple Data Forms Time Maps Network Visualizations Sentiment Analysis

9 Analysis Tools MS Excel 2013 R Software R Studio Google MyMaps
Analytics and data capabilities significantly enhanced PowerMaps R Software Open source software environment for statistical computing and graphics Thousands of free analytical and data visualization packages R Studio Open source Integrated Development Environment (IDE) Makes it easy to develop, share, and scale R projects Google MyMaps Open source custom google maps

10 Analysis Data Data.gov Open Baltimore
Goal is to improve public access to high value, machine readable public datasets 188,952 distinct datasets Many apps use this data Open Baltimore Goal is to provide the public access to city data in an effort that supports transparency, openness, and innovation. 110 distinct datasets

11 Open Source Software Widely used software made available with a public license Often developed in a collaborative public manner Same security concerns as proprietary software 18F - Analytical use in Federal Government

12 Open Source Software

13 What is Continuous Monitoring?
There is no standard definition of Continuous Controls Monitoring; The following includes the common themes among the definitions… “Continuous controls monitoring is a set of technologies and processes to detect risk and compliance issues through continuous monitoring and reduce the cost of audits through continuous auditing of the controls in financial and other transactional applications.” Dashboards!

14 What is Continuous Monitoring?

15 What is Continuous Monitoring?

16 What is Continuous Monitoring?

17 What are Heat Maps? A heat map is a graphical representation of data where the individual values are represented as colors. Quickly Analyze Data Facilitates Communication Risk Analysis Continuous Monitoring Others?

18 What is Geospatial Analysis?
MAPS! MAPS! MAPS! Tabular geospatial data typically has no meaning Plotting on a map can yield valuable insights

19 What are Time Maps? Data visualizations that allows the analysis of discrete events

20 What are Time Maps? Credit Card Data Transactional Data Timesheet Data
Badging Data IP Data Access Data Social Media Data Program Data Others?

21 What are Network Visualizations?
A network is any collection of items in which pairs of these items are connected in some manner. Homophily (pronounced HOME-ah-filly) is the propensity of network members to select connections with other members who have similar characteristics Program Data Vendor Data IP Data People Relationships

22 What is Sentiment Analysis?
Sentiment analysis (also known as opinion mining) refers to the use of natural language processing, text analysis and computational linguistics to identify and extract subjective information in source materials.

23 Session Objectives - Wrapup
Discuss overall trends in internal controls Demonstrate and improve awareness of analysis techniques Demonstrate tools and data that could become part of the solution

24 Questions

25 Useful Links Presentation Data and Tools
Search over 185,000 data.gov datasets: Search data.gov apps: Open Baltimore datasets: Download R Software: Download R Studio: Take Free Online R Training: Open custom google maps: Quickly search GSA rates across multiple firms, schedules, and labor categories. 18F GSA Calc Tool: Continuous Monitoring Examples Real-time statistics and visualizations on popular R package downloads: Real-time statistics on Federal website usage: Heat, Geospatial, and Time Map Examples Treasury’s Financial Stability Monitor: Baltimore towing (all towing, holiday towing, stolen-car towing: Baltimore Murals (includes photos): Time maps of Baltimore towing company behavior: Network Visualizations and Cluster Analysis Examples Network Visualizations of Baltimore City Agencies and Vendors: Sentiment Analysis and Text Mining Examples Government Fraud, Waste, and Abuse News Story search and analysis:

Download ppt "Mission Risk & Internal Control The New Normal"

Similar presentations

Interactive Financial eXchange www.IFXForum.Org XML Usage in Financial Services Mark Tiggas President, Interactive Financial eXchange Open Applications.

Interactive Financial eXchange XML Usage in Financial Services Mark Tiggas President, Interactive Financial eXchange Open Applications.
Chapter 1 Business Driven Technology

Chapter 1 Business Driven Technology
Federal Audit Executive Council (FAEC) June 2012 Bi-Monthly Meeting Heather I. Keister Doris G. Yanger June 14, 2012 Green Book Update.

Federal Audit Executive Council (FAEC) June 2012 Bi-Monthly Meeting Heather I. Keister Doris G. Yanger June 14, 2012 Green Book Update.
NSAA Information Technology Conference Planning the Scope of Your IT Audit _____________________________________ October 1, 2014 Jennifer Schreck, Audit.

NSAA Information Technology Conference Planning the Scope of Your IT Audit _____________________________________ October 1, 2014 Jennifer Schreck, Audit.
Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.
Technology Applications in the Age of Integrity Integrity Forum 2006 Tony Murphy Vice President, Worldwide Sales ACL Services Ltd.

Technology Applications in the Age of Integrity Integrity Forum 2006 Tony Murphy Vice President, Worldwide Sales ACL Services Ltd.
Operational Risk ACSDA Leadership Forum ACSDA Leadership Forum New York City, USA - October 8-10, 2007 Diana Downward, DTCC.

Operational Risk ACSDA Leadership Forum ACSDA Leadership Forum New York City, USA - October 8-10, 2007 Diana Downward, DTCC.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.

Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.
Security Controls – What Works

Security Controls – What Works
Intergovernmental Subcommittee Update: Geospatial Platform Jerry Johnston March 18, 2011.

Intergovernmental Subcommittee Update: Geospatial Platform Jerry Johnston March 18, 2011.
Customer Relationship Management Systems Nicole Burch Kenneth Glindmyer.

Customer Relationship Management Systems Nicole Burch Kenneth Glindmyer.
The Web is perhaps the single largest data source in the world. Due to the heterogeneity and lack of structure, mining and integration are challenging.

The Web is perhaps the single largest data source in the world. Due to the heterogeneity and lack of structure, mining and integration are challenging.
14 - 1 Chapter 14 The Second Component: The Database.

Chapter 14 The Second Component: The Database.
1 Copyright © 2014 PPM 2000 Inc. SINGAPRORE, AUGUST 2014 Denis O’Sullivan, CPP INCIDENT MANAGEMENT TECHNOLOGY CHALLENGES.

1 Copyright © 2014 PPM 2000 Inc. SINGAPRORE, AUGUST 2014 Denis O’Sullivan, CPP INCIDENT MANAGEMENT TECHNOLOGY CHALLENGES.
Center of Excellence for IT at Bellevue College. IT-enabled business decision making based on simple to complex data analysis processes  Database development.

Center of Excellence for IT at Bellevue College. IT-enabled business decision making based on simple to complex data analysis processes  Database development.
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.

CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
Governance, Risk, and Compliance Bill Greene Senior Industry Director.

Governance, Risk, and Compliance Bill Greene Senior Industry Director.

Similar presentations

Ads by Google