Continuous Controls Monitoring
Presented to:
August 20, 2013

Course goals & objectives
To guide participants through the terminology, concepts and value proposition for deploying Continuous Controls Monitoring (CCM).
- Review of what CCM is
- Benefits of CCM
- Required Components
- Discuss the Emory Case Study
- Tools to leverage
- The Approach and Best Practices
- Discuss Emory's ROI
About the Presenters

Mark Hafitz, Director of Information Technology Special Projects
As well as being an Emory alumnus, Mark has worked for Emory University for over 20 years. His career at Emory started in the Information Technology Division working as a Programmer/Analyst supporting financial applications. Several years later he began working in the Human Resources Division as the Assistant Director, Information Systems. He managed the daily operations of the Human Resources Information Systems area and oversaw the development and maintenance of all Human Resources systems. For the last 15 years he has worked in the Finance Division managing and overseeing the completion of the division-wide financial systems projects as the Director of Financial Projects. Prior to Emory, Mark spent several years as a Programmer/Analyst working with the Information Systems group at Kimberly-Clark Corporation. Mark received his Master of Business Information Systems degree from Georgia State University, and a Bachelor of Arts in English Literature from Emory University.

Michael Lisenby, Managing Partner, SolomonEdwards Atlanta
Mike Lisenby is a specialist in Enterprise Risk Services & Compliance. Mike has over 16 years of experience in helping businesses manage their accounting, finance, technology resources and compliance needs effectively. Mike's experience includes consulting and co-sourcing, IT audits, SOX compliance, and technology security assessments; risk identification, assessment and evaluation; risk response; risk monitoring; IT control design and implementation; and IT control monitoring and maintenance. Mike held leadership roles with Arthur Andersen and several other national consulting firms, and has prior internal audit experience with Fortune Brands and Philip Morris. He currently holds a CRISC (Certified in Risk and Information Systems Control) certification.
What is CCM
Continuous Controls Monitoring (CCM) is an ongoing, systematic practice of observing and checking, for reasonable assurance, that Information Technology systems (hardware and/or software) operate as designed. These supervisory practices, applied against IT systems, provide a basis for maintaining data validity, reliability, and integrity. Several areas where modern organizations depend on IT systems to operate continuously, accurately and effectively:
- The reporting of organization finances.
- E-Commerce and Electronic Funds Transfer.
- Network and Computing Platform Security.
- Medical, Criminal, or Federal Data Records Management and Retention.
- Public Telecommunications Voice and Data Networks.
- National Energy Grids and Utilities.
Source: Wikipedia
Benefits of CCM
- Process problems are reflected in transactional data, if you know what to look for.
- 100% of transactions tested with sophisticated analytics in near real time (as opposed to a periodic sample long after occurrence).
- Results can be acted on rapidly, sometimes before the transaction cycle completes.
- Goes beyond just reporting to provide an actionable control framework.
- Cutting costs, catching policy violations or fraud. Ex: T&E expense submissions.
- Automate manual tasks. Ex: Reconciliations, IA testing procedures, access controls.
- Stopping revenue leakage. Ex: missing sales or source documents that trigger revenue recognition.
Creating Value
ComponentsofCCM
SourceSystems Reports
&
Dashboards
GL
Reporting
AP Statistical
Tool
and
AnalyticalRoutines Exception
AR Continuously Exceptions Management
PerformedonData Identified Interface
HR Email
Replication Alerts
Or ReplicatedData InvoiceA123from
ETL For AcmeSolutionsinthe
Other Analysis amountof$543.21may
beaduplicateofinvoice
1231intheamountof
$543.21Dated4142010
fromAcmeInc.
7
Approach
Step 1: Design Controls (Create Design Document)
Step 2: Implement ETL
Step 3: Develop Analytics
Step 4: User Components
Step 2: Implement ETL (Extract, Transform & Load)

Extract
Multiple ways to approach:
- Linked Server Object (typical for an Oracle DB source)
- ETL Tools (such as SSIS; open source tools are available too)
- Replication (Publication/Subscription model)
If a mirror or replicated instance of production data is already available, that is the preferred method. If not, indexed, short-running queries with read-only accounts that pull in daily incremental activity, and only from the needed tables/columns, run as a scheduled job during non-peak hours, are recommended.
Key objective is automated availability of the near-real-time data needed to support continuous analytics.

Example of a possible transformation: mapping might be needed to translate to the parent's Chart of Accounts or another common model from various autonomous systems to allow cross-comparisons.
Some analytics need to track changes to Master Data (example: Vendor Master File Tampering testing); in this case, we created logic to create versioned snapshots of records in the ETL logic.
Because we want the Exception to be able to be resolved by the Owner without them having to log in to the source application, we pull all data needed to understand and resolve the Exceptions for presentation in the Exception Report.
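As an added example (not the Emory team's code), one way to build the versioned snapshots the Vendor Master Tampering test depends on: each daily pull is compared with the open version of every vendor, a changed record closes the old version and opens a new one, and the tampering indicator is then a join of the versions closed and opened on the same date. The history table, its columns and the vendor rows are constructed assumptions, and SQLite stands in for the SQL Server CCM database.

```python
import sqlite3

# Constructed daily pulls of the vendor master (not Emory data), as the
# replicated data would arrive in the CCM database: (vendor_id, name1, address1).
PULL_DAY_1 = [("VEND-A", "Acme Inc.", "123 Main St"), ("VEND-B", "Beta LLC", "9 Elm Rd")]
PULL_DAY_2 = [("VEND-A", "Acme Inc.", "PO Box 77"), ("VEND-B", "Beta LLC", "9 Elm Rd")]

# Assumed history table: one row per version; the open version has valid_to IS NULL.
SCHEMA = ("CREATE TABLE vendor_hist (vendor_id TEXT, name1 TEXT, address1 TEXT, "
          "valid_from TEXT, valid_to TEXT)")


def apply_snapshot(conn, pull, as_of):
    """Version every vendor in the pull whose tracked fields changed since the
    last open version; unchanged vendors keep their open row untouched."""
    for vendor_id, name1, address1 in pull:
        current = conn.execute(
            "SELECT name1, address1 FROM vendor_hist "
            "WHERE vendor_id = ? AND valid_to IS NULL", (vendor_id,)).fetchone()
        if current == (name1, address1):
            continue  # same values as the open version: nothing to record
        conn.execute("UPDATE vendor_hist SET valid_to = ? "
                     "WHERE vendor_id = ? AND valid_to IS NULL", (as_of, vendor_id))
        conn.execute("INSERT INTO vendor_hist VALUES (?, ?, ?, ?, NULL)",
                     (vendor_id, name1, address1, as_of))
    conn.commit()


def tampering_indicator(conn, as_of):
    """Exception rows for the day: (vendor_id, old address, new address) for
    every vendor whose version was closed and reopened on as_of."""
    return conn.execute(
        "SELECT new.vendor_id, old.address1, new.address1 "
        "FROM vendor_hist AS new JOIN vendor_hist AS old "
        "  ON old.vendor_id = new.vendor_id AND old.valid_to = new.valid_from "
        "WHERE new.valid_from = ?", (as_of,)).fetchall()


def run_two_days():
    """Load two pulls and return (day-2 exceptions, total versions stored)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    apply_snapshot(conn, PULL_DAY_1, "2013-08-19")
    apply_snapshot(conn, PULL_DAY_2, "2013-08-20")
    exceptions = tampering_indicator(conn, "2013-08-20")
    versions = conn.execute("SELECT COUNT(*) FROM vendor_hist").fetchone()[0]
    conn.close()
    return exceptions, versions
```

Only name1 and address1 are tracked here; a production snapshot would compare every field the tampering test cares about (bank details, tax ID, status).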
Step 3: Develop Analytics
Specific Indicators

Name: Duplicate PO
Description: Test for multiple occurrences of the same PO number being referenced by multiple invoices.
Functional Logic / Algorithm: For each given voucher, test all vouchers within the previous 60 days for the same PO number being referenced.
Probability: 80%

Name: Duplicate Amount
Description: Test for multiple occurrences of the same Amount being referenced by multiple invoices from the same Vendor.
Functional Logic / Algorithm: For each given voucher, test all vouchers within the previous 60 days from the same vendor that are for the same amount.
Probability: 20%

Each Indicator becomes a part of the Where Clause and possibly helps drive joins.
Step 3: Develop Analytics
Script Development
Multiple Indicators in SQL

    Select
        ExceptionID (key),
        'Duplicate Invoice' as Exception_Type,
        XXX as Probability,
        Etc (All data needed)
    From Vouchers as V
    Join Vouchers as V_Same_PO
        on V.PO = V_Same_PO.PO
    Join Vouchers as V_Same_Amt
        on V.Amt = V_Same_Amt.Amt
Step 3: Develop Analytics
Script Development (continued)
The Use of Probabilities
The Probability field in your select clause (each indicator contributes its weight; the ELSE 0 keeps a single-indicator hit from summing to NULL):

    Select
        'Probability' =
            (case when V.PO = V_Same_PO.PO then 0.80 else 0 end)
          + (case when V.Amt = V_Same_Amt.Amt then 0.20 else 0 end)
    From Table_X
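The two indicators above, scored as an added example (not code from the deck): Python with SQLite standing in for the SQL Server environment the deck uses, constructed vouchers, and assumed table and column names. The self join limits candidates to the previous 60 days, each indicator contributes its weight through a CASE term and also appears in the WHERE clause, and every CASE keeps ELSE 0: a CASE with no ELSE returns NULL, so a voucher that trips only one indicator would otherwise sum to NULL rather than 80% or 20%.

```python
import sqlite3

# Constructed sample vouchers (not Emory data): voucher, vendor, PO, amount,
# invoice date. V003 repeats only V001's PO, V004 repeats only V002's vendor
# and amount, V005 repeats both from V001, V006 is outside the 60-day window.
VOUCHERS = [
    ("V001", "VEND-A", "PO-100", 543.21, "2013-03-01"),
    ("V002", "VEND-B", "PO-200", 99.00, "2013-03-05"),
    ("V003", "VEND-C", "PO-100", 10.00, "2013-03-20"),
    ("V004", "VEND-B", "PO-300", 99.00, "2013-04-01"),
    ("V005", "VEND-A", "PO-100", 543.21, "2013-04-10"),
    ("V006", "VEND-A", "PO-100", 543.21, "2013-08-01"),
]

# One CASE term per indicator; the 60-day look-back lives in the self join and
# each indicator also appears in the WHERE clause, as the slides describe.
# {else_clause} is "ELSE 0" normally: a CASE with no ELSE yields NULL, and
# NULL + 0.8 is NULL, so a single-indicator hit would otherwise score nothing.
QUERY = """
SELECT v.voucher_id, p.voucher_id,
       (CASE WHEN v.po = p.po THEN 0.8 {else_clause} END)
     + (CASE WHEN v.vendor_id = p.vendor_id AND v.amt = p.amt
             THEN 0.2 {else_clause} END) AS probability
FROM vouchers AS v
JOIN vouchers AS p
  ON p.voucher_id <> v.voucher_id
 AND p.invoice_dt < v.invoice_dt
 AND p.invoice_dt >= date(v.invoice_dt, ?)
WHERE v.po = p.po
   OR (v.vendor_id = p.vendor_id AND v.amt = p.amt)
ORDER BY v.voucher_id, p.voucher_id
"""


def score_exceptions(vouchers=VOUCHERS, window_days=60, with_else=True):
    """Return (duplicate voucher, prior voucher, probability) for each pair in
    the window; with_else=False shows the NULL (None) scores a bare CASE gives."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vouchers (voucher_id, vendor_id, po, amt REAL, invoice_dt)")
    conn.executemany("INSERT INTO vouchers VALUES (?, ?, ?, ?, ?)", vouchers)
    sql = QUERY.format(else_clause="ELSE 0" if with_else else "")
    rows = conn.execute(sql, (f"-{window_days} days",)).fetchall()
    conn.close()
    return [(d, p, None if prob is None else round(prob, 2)) for d, p, prob in rows]
```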
Step 3: Develop Analytics
Script Development (continued)
Duplicate Invoice Actual Script

5.7B Possible Duplicate Invoice: Same Invoice No and Amount for Similar Vendors, within 60 days.

    Insert into CCM.dbo.EXCEPTIONS_Stage
    SELECT
        Case when V_Dup.BUSINESS_UNIT in ('EMUNV') then 'EUV' else 'EHC' end AS COMPANY,
        '' AS DEPT_NUM,
        '' AS DEPT_NAME,
        'EXCEPTION' AS TYPE,
        'Procure to Pay' AS CATEGORY,
        '5.7B Possible Duplicate Invoice - Same Invoice No, Different But Similar Vendors' as Exception_Name,
        '5.7B' + V_Dup.BUSINESS_UNIT + V_Dup.Voucher_ID as EXCEPTIONID,
        GETDATE() AS EXCEPTION_DATE,
        V_Dup.OPRID_LAST_UPDT AS ASSOCIATED_USER,
        'NEW' AS STATUS,
        '' AS EXCEPTION_OWNER,
        '' AS NOTES,
        INDICATORS =
            (case when CCM.dbo.fn_StrClean(ISNULL(V_Prior_Addr.ADDRESS1,'') + ISNULL(V_Prior_Addr.ADDRESS2,'') + ISNULL(V_Prior_Addr.City,''))
                     = CCM.dbo.fn_StrClean(ISNULL(V_Dup_Addr.ADDRESS1,'') + ISNULL(V_Dup_Addr.ADDRESS2,'') + ISNULL(V_Dup_Addr.City,''))
                  then 'Same Invoice Number for Vendors with Similar Address.'
                  else ''
             end) +
            (case when CCM.dbo.fn_calculateJaroWinkler(CCM.dbo.fn_StrClean(ISNULL(V_Name_Dup.NAME1,'')),
                                                        CCM.dbo.fn_StrClean(ISNULL(V_Name_Prior.NAME1,''))) > .97
                  then 'Same Invoice Number for Vendors with Similar Name.'
                  else ''
             end),
        PROBABILITY =
            (case when CCM.dbo.fn_StrClean(ISNULL(V_Prior_Addr.ADDRESS1,'') + ISNULL(V_Prior_Addr.ADDRESS2,'') + ISNULL(V_Prior_Addr.City,''))
                     = CCM.dbo.fn_StrClean(ISNULL(V_Dup_Addr.ADDRESS1,'') + ISNULL(V_Dup_Addr.ADDRESS2,'') + ISNULL(V_Dup_Addr.City,''))
                  then .6
             end) +
            (case when CCM.dbo.fn_calculateJaroWinkler(CCM.dbo.fn_StrClean(ISNULL(V_Name_Dup.NAME1,'')),
                                                        CCM.dbo.fn_StrClean(ISNULL(V_Name_Prior.NAME1,''))) > .97
                  then .6
                  else (.5.5)
             end),
        V_Dup.GROSS_AMT AS FINANCIAL_IMPACT,
        VAL_1 = V_Dup.INVOICE_ID,          DEF_1 = 'Duplicate Invoice No.',
        VAL_2 = V_Prior.INVOICE_ID,        DEF_2 = 'Prior Invoice No',
        VAL_3 = V_Dup.GROSS_AMT,           DEF_3 = 'Invoice Amt',
        VAL_4 = V_Dup.Voucher_ID,          DEF_4 = 'Duplicate Voucher ID',
        VAL_5 = V_Prior.Voucher_ID,        DEF_5 = 'Prior_Voucher_ID',
        VAL_6 = V_Dup.VENDOR_ID,           DEF_6 = 'Duplicate Vendor ID',
        VAL_7 = V_Prior.Vendor_ID,         DEF_7 = 'Prior Vendor ID',
        VAL_8 = V_Name_Dup.NAME1,          DEF_8 = 'Duplicate Vendor Name',
        VAL_9 = V_Name_Prior.NAME1,        DEF_9 = 'Prior Vendor Name',
        VAL_10 = V_Dup.Invoice_DT,         DEF_10 = 'Duplicate Invoice Date',
        VAL_11 = V_Prior.INVOICE_DT,       DEF_11 = 'Prior Invoice Date',
        VAL_12 = CCM.dbo.fn_StrClean(ISNULL(V_Dup_Addr.ADDRESS1,'') + ISNULL(V_Dup_Addr.ADDRESS2,'') + ISNULL(V_Dup_Addr.City,'')),
        DEF_12 = 'Scrubbed Duplicate Vendor Address',
        VAL_13 = CCM.dbo.fn_StrClean(ISNULL(V_Prior_Addr.ADDRESS1,'') + ISNULL(V_Prior_Addr.ADDRESS2,'') + ISNULL(V_Prior_Addr.City,'')),
        DEF_13 = 'Scrubbed Prior Vendor Address',
        VAL_14 = NULL, DEF_14 = NULL, VAL_15 = NULL, DEF_15 = NULL,
        VAL_16 = NULL, DEF_16 = NULL, VAL_17 = NULL, DEF_17 = NULL,
        VAL_18 = NULL, DEF_18 = NULL, VAL_19 = NULL, DEF_19 = NULL,
        VAL_20 = NULL, DEF_20 = NULL, VAL_21 = NULL, DEF_21 = NULL,
        VAL_22 = NULL, DEF_22 = NULL, VAL_23 = NULL, DEF_23 = NULL,
        VAL_24 = NULL, DEF_24 = NULL, VAL_25 = NULL, DEF_25 = NULL,
        VAL_26 = NULL, DEF_26 = NULL, VAL_27 = NULL, DEF_27 = NULL,
        VAL_28 = NULL, DEF_28 = NULL, VAL_29 = NULL, DEF_29 = NULL,
        VAL_30 = NULL, DEF_30 = NULL
    from CCM.dbo.PS_VOUCHER as V_Dup
    left outer join CCM.dbo.PS_VOUCHER as V_Prior
        on  V_Prior.INVOICE_ID = V_Dup.INVOICE_ID
        and V_Prior.VENDOR_ID != V_Dup.VENDOR_ID
        and V_Prior.INVOICE_DT >= DATEADD(dd, -60, V_Dup.INVOICE_DT)   -- prior invoice dated within the previous 60 days
        and V_Dup.ENTERED_DT >= V_Prior.ENTERED_DT
    left outer join CCM.dbo.PS_VENDOR as V_Name_Dup
        on  V_Name_Dup.VENDOR_ID = V_Dup.VENDOR_ID
    left outer join CCM.dbo.PS_VENDOR as V_Name_Prior
        on  V_Name_Prior.VENDOR_ID = V_Prior.VENDOR_ID
    left outer join CCM.dbo.PS_VENDOR_ADDR as V_Dup_Addr
        on  V_Dup_Addr.VENDOR_ID = V_Dup.Vendor_ID
        and V_Dup_Addr.ADDRESS_SEQ_NUM = V_Dup.ADDRESS_SEQ_NUM
    left outer join CCM.dbo.PS_VENDOR_ADDR as V_Prior_Addr
        on  V_Prior_Addr.VENDOR_ID = V_Prior.Vendor_ID
        and V_Prior_Addr.ADDRESS_SEQ_NUM = V_Prior.ADDRESS_SEQ_NUM
    where V_Dup.ENTERED_DT >= DATEADD(dd, 5, V_Dup.INVOICE_DT)
        and V_Prior.ENTRY_STATUS NOT IN ('X','R')
        and V_Prior.Vendor_ID is not null
        and V_Dup.GROSS_AMT = V_Prior.GROSS_AMT
        and (
                CCM.dbo.fn_StrClean(ISNULL(V_Prior_Addr.ADDRESS1,'') + ISNULL(V_Prior_Addr.ADDRESS2,'') + ISNULL(V_Prior_Addr.City,''))
                    = CCM.dbo.fn_StrClean(ISNULL(V_Dup_Addr.ADDRESS1,'') + ISNULL(V_Dup_Addr.ADDRESS2,'') + ISNULL(V_Dup_Addr.City,''))
             OR CCM.dbo.fn_calculateJaroWinkler(CCM.dbo.fn_StrClean(ISNULL(V_Name_Dup.NAME1,'')),
                                                CCM.dbo.fn_StrClean(ISNULL(V_Name_Prior.NAME1,''))) > .97
            );
    GO
Case Study: Issues
Significant Control Weaknesses
- Decentralized structure
- Multiple disbursement processes
- Broadly distributed access
- Duties not segregated
- Few restrictions / discretionary accounts
- Poor monitoring controls
Bleeding From a Thousand Cuts
- 1 million annually in inaccurate payments
- Multiple frauds
Resource Limitations
Case Study: Considerations
Desire to be Proactive vs. Reactive
- Catch errors before paid
Budget
- No licensing fees / annual commitments
Flexibility / Ease of Use
- Audit department to maintain / minimal IT support
- Growth potential: handle unlimited data sources and continually add new logic tests
- Communications (notice of exceptions; resolution)
- Transferability to management
- Reporting capabilities
Security & Compliance
- The environment needed to be secure (SSL) to safeguard confidential information
Case Study: Why SEG
Why Emory decided to partner with SEG and use an open source solution:
- Subject Matter Expertise
- Cost effective / No additional licensing fees
- Co-Sourced Approach
- Leveraged use of existing technology / Not tied to vendor
- Knowledge transfer / ability to support in-house
- Ability to deploy in a phased approach
Algorithms Created: Phase I
Vendor Master Integrity Checks
- Conflicts of interest
- Duplicate vendors
- Vendor Master Tampering
Payment Integrity Checks
- Duplicate Payments
- Potential personal purchases on corporate card
- Expenses / Per Diems
- Travel agent / employee ID not validated
HR Checks
- Rehire of terminated employees
- New hire background checks
- FMLA Status Consistency
- FLSA Error Checking
Components of CCM at Emory
[Diagram: Source Systems (PeopleSoft HR, Payroll, Payables, Procurement; Kronos; LDAP) feed a SQL ETL into Replicated Data for Analysis. Statistical and Analytical Routines Continuously Performed on Data produce Exceptions Identified, which flow to the Exception Management Interface (ASP.net Webform) and the Reporting Tool (VBScript, IIS Web Based), producing Reports & Dashboards and Email Alerts generated with an embedded link to a report.]
Automated Processing
Automated notification of daily ETL feed and Analytics success or failure is sent to management, giving positive assurance that the application is continuously testing transactional data. Most days, no exception occurs, and there is nothing to report, so this allows confidence that the application is actually turned on and working.

Email Alerts
When exceptions do occur, user-specific Email Alerts are generated (when exceptions relevant to only specified users occur) with an embedded link to a report that only allows them to see authorized data unique to that user.
SSL Encryption
The SSL features in IIS cannot be used until you obtain and assign a server certificate to the computer that is running IIS.
Configuring SSL encryption is a multi-step process that involves the following:
1. Requesting a server certificate for the computer that is running IIS. If the IIS server already has a server certificate, you can go to step 4.
2. Obtaining a server certificate from a certification authority.
3. Installing the newly issued server certificate into IIS and binding it.
4. Enabling SSL encryption.
5. Updating the database of trusted Certification Authorities on each smart device so it can recognize the server certificate as authentic.
Server Certificates

Binding Certificate

Verify Binding

Configure SSL Settings

IIS Reporting
Alternate View
Clicking the above link presents an Alternate view of all data related to that specific exception.

Alternate View (continued)
Scrolling down to the bottom, the user can click the link to enter Edit Mode (shown on the next screenshot).

Edit Mode

Edit Mode
After updating the information, the user clicks the Update link.

Update Success

Management Reporting
Case Study: ROI
- Implementation costs recovered in 6 weeks
- Duplicate payments (invoices and supplemental pay)
- Caught prior to disbursement (reduced costs to correct)
Control Effectiveness Monitoring Results
- Conflicts of interest
- Expenses / Per Diems
- Rehire of terminated employees
- Inconsistent FMLA status
- Travel agent / employee ID not validated
Future Opportunities / Next Steps
- Revenue
- RAC Audits
- Compliance: grants and contracts
- Removal of network access for terminated employees
- Statistical analysis
Case Study: Results
[Chart: Duplicate Payments, April 1 to July 31, in dollars by month (April, May, June, July); y-axis $0 to $140,000.]
[Chart: Number of Exceptions, All Tests, by month (April, May, June, July); y-axis 0 to 25.]
Does CCM Make Sense For Your Company?
- Any manual processes subject to human error?
- Any manual audits or reconciliations?
- Any recurring analytical procedures that consume a lot of time or are pain points?
- Concerns about policy compliance?
- Concerns about employee theft?
If the answer is yes to any of these, it is likely that CCM can bring solid value to your company, enabling you to increase its Audit Capability Maturity Level while allowing the finance and audit teams to show their strategic value to the rest of the company.
For More Information

Mike Lisenby, CRISC
SolomonEdwards, Managing Partner
mlisenby@solomonedwards.com
Office: 404-497-4152
Mobile: 404-281-8005

Scott Stevenson, CIA, CPA
Emory University, Associate Chief Audit Officer
sjsteve@emory.edu
Office: 404-686-2916

SolomonEdwardsGroup, LLC
Atlanta Office
Five Concourse Parkway, Suite 1450
Atlanta, Georgia 30328