Example: confidence

ISACA-KC - PwCs CA Deck - v20110511-Distr

PwCThe Path Forward for DataAnalysis and ContinuousAuditingMay are we hearing in the market?The CA Maturity PathWhere to start? What is the difference between CA & CCM?Best Practice ApproachGetting the Right Data & the Right ResourcesNext Steps2 PwCAgendaWhat are we hearing in the market?The CA Maturity PathWhere to start? What is the difference between CA & CCM?Best Practice ApproachGetting the Right Data & the Right ResourcesNext Steps3 PwCKey Drivers for Change in the Internal AuditThe needs of organizations for risk mitigation and assurance havechanged Strategic risk is a key concern forBoards, yet the amount of informationprovided regarding strategic, value impacting opportunities and threats isoften limited Executive Managementis also focused on strategic, organizational andbusiness risks Globalization,expansion and the heightened pace of change are increasingthe complexity of risks Broader Risks:risks around financial controls and basic compliance aremanaged more effectively, while there are few robust techniques forovers

PwC Stakeholders’ Perspectives on the Future of Internal Audit 8 • Technology to execute audits - Data retrieval software to automate testing • Increase audit coverage

Tags:

  Audit

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of ISACA-KC - PwCs CA Deck - v20110511-Distr

1 PwCThe Path Forward for DataAnalysis and ContinuousAuditingMay are we hearing in the market?The CA Maturity PathWhere to start? What is the difference between CA & CCM?Best Practice ApproachGetting the Right Data & the Right ResourcesNext Steps2 PwCAgendaWhat are we hearing in the market?The CA Maturity PathWhere to start? What is the difference between CA & CCM?Best Practice ApproachGetting the Right Data & the Right ResourcesNext Steps3 PwCKey Drivers for Change in the Internal AuditThe needs of organizations for risk mitigation and assurance havechanged Strategic risk is a key concern forBoards, yet the amount of informationprovided regarding strategic, value impacting opportunities and threats isoften limited Executive Managementis also focused on strategic, organizational andbusiness risks Globalization,expansion and the heightened pace of change are increasingthe complexity of risks Broader Risks.

2 Risks around financial controls and basic compliance aremanaged more effectively, while there are few robust techniques foroverseeing broader risk Do More with Less:there are increasing pressures to reduce the cost ofcompliance4 PwCYear to Year Efficiency Priorities531%39%69%69%58%49%42%11%14%23 %24%29%34%46%Reduce external trainingReduce travelStandardize audit proceduresUtilize a more risk based approachIdentify audit process inefficienciesSimplify reportingIncrease use of technologyPlan to employHave employedPwCBarriers to Effective Use of Technology645%41%36%56%54%40%43%55%Other Lack of methodologyLack of accessLack of skills and knowledgeData toolsOrganizational systemsPwCAgendaWhat are we hearing in the market?

3 The CA Maturity PathWhere to start? What is the difference between CA & CCM?Best Practice ApproachGetting the Right Data & the Right ResourcesNext Steps7 PwCStakeholders Perspectives on the Future ofInternal Audit8 Technology to execute audits-Data retrieval software to automatetesting Increase audit coverage Focus on anomalies Continuous monitoring-Data mining/analysis software forpredictive analysis and modeling Technology to improve the efficiency of theaudit process-Automate issue tracking-Streamlined reporting-Knowledge management and leadingpractices-Storage and retrieval of work products1. Realigning audit coverage2. Improving processand leveraging technologySignificantly More ValueMaterially Less CostOptimize Internal audit processes and leveragetechnology to enhance insight and increase audit Process Framework As Is9 ANNUALANNUALRiskRiskAssessmentAssessment audit PlanAudit PlanFieldworkFieldworkTechnology is beingapplied here (in auditmanagement anddata analysis), tospeed up the major limitingfactors are in annual riskassessment and inreporting delaysProcess to utilize results for next year s Risk AssessmentUtilize information from previous audits for current audits (ad-hoc data analysis notleveraged project to project).

4 However, informal sharing of information within audit Process Framework - Future10A technology enabled approach to the internal auditframework allows for more timely identification of andresponse to Monitor key risks Changes in KRIsindicating change inrisk profileAudit PlanAudit Plan Monitor results tochange frequency/scope of plannedauditsReportingReporting Report changes intrends to managementPERIODICPERIODICF ieldworkFieldworkStrategic AuditStrategic AuditNo ActionNeededContinuousAuditProgramExecut eAutomatedScriptExceptionReportingReview ReportsPwCContinuous Auditing Maturity11Ad Hoc Analytics Occasional, ad-hoc dataanalysis on certain auditsRoutinely Leverage Core technicalcompetencies residentwithin the department Results used for updatingrisk assessment throughoutthe audit processInitial Stage Creation of data experts todevelop routine dataanalysis techniques No process for incorporatinginto IA methodology IA focusedFully Optimized Technology enables fullintegration into internal auditworkflow Business focusedThere is a broad spectrum oftechnology use in the use oftechnology can assist withimproving the efficiency of theContinuous Auditing are we hearing in the market?

5 The CA Maturity PathWhere to start? What is the difference between CA & CCM?Best Practice ApproachGetting the Right Data & the Right ResourcesNext Steps12 PwCChallenges Facing CAEsChief audit Executives (CAEs) are faced with several challenges whereCA is concerned: Where do I start? What technologies do I need to consider? What are the best practices for leveraging data analysis in theinternal audit ? What pitfalls do I need to avoid? What are my competitors doing? Are there any benchmarks orother guidelines I can use to help direct my strategy? What does a successful CA pilot look like?13 PwCBenefits from Continuous Controls Monitoring(CCM)14 PreventativeDetectiveRisk ManagementCompliance-OfficeProcess-Owner Internal audit Optimization(automation) of theinternal controlssystems and itsmonitoring ( of potentialviolations/alerts and itsremediation) Uncover additionalprocess in-efficiencies( Human errors,unexploitedcontractual conditions) Reduction of (existing)process controls Optimisation of therisk based auditapproach Establishment of thepre-requisites for aContinuous audit (internal und externalaudit) Automation of testing Damage minimizationthrough proactiveprevention anddetection ( fraud)

6 Enforcement of policiesand standards Demonstration ofdevelopments/trends ofnewly implemented(compliance) initiatives Increase of processand data quality Internal compliancebenchmarking Transparency withregard to attitudechange towardscompliance Effective detailed riskanalyses in de-/centralbusiness units Reporting andevaluation of key dataand ratios ( compliancerisk) Continuous, completeand company-wideanalyses of acompany s fraud risksbased on empiricaldataContinuous Controls MonitoringPwCAgendaWhat are we hearing in the market?The CA Maturity PathWhere to start? What is the difference between CA & CCM?Best Practice ApproachGetting the Right Data & the Right ResourcesNext Steps15 PwCWhere to Start?

7 A Top Down Approach16+Concentration on key risks and link to key controls Identification of essential/top risk areas Top down approach to identify key controls: starting with managementlevel / IT-/ automated controls and completion with process controls if thebefore mentioned controls don t offer adequate top down approach .. and continuous risk monitoringContinuous monitoring of the risk remediation progress Reporting: Alerts reporting and ageing (risk exposure); Recording ofalerts remediation activities Organization: Responsibility and ownership, escalation process Compliance level: Trend analyses and monitoring of behavioral changeTop downKey risksMonitoring /IT/Automated controlsProcess controlsPwCPwC s Risk Based Top Down ApproachWhere do you start?

8 To leverage dataanalytics and implement a CA / CCM solutionsuccessfully, you need to first determine where you want theanalytics to be focusedWhat are the higher risk areas in the enterprise?Within those areas, which risks do you want to focus on?Can we create high value analytics which will help address thoserisks?17 Top downKey risksMonitoring /IT/Automated controlsProcess controlsPwCAgendaWhat are we hearing in the market?The CA Maturity PathWhere to start? What is the difference between CA & CCM?Best Practice ApproachGetting the Right Data & the Right ResourcesNext Steps18 PwCPotential Technology Architecture19 DashboardRisk Indicators / Control ParametersExtractor / Mapping / LoadOracleSAPPSFTJDEO therReportingMS SharePoint orWorkflow Mgmt ToolMS Analytical &Reporting Servicesor Reporting ToolMS Integration Services orclient existing ETL Tool*TBD based on vendorselection and requirements( ACL CCM, Oversight,MS SQL Server, etc.)

9 Leverage InternalData Warehouse orMS SQL ServerTechnology ConsideredDescription / UseScreens presented to users based onmodules implemented and user the scenes formatting of reportsand information to be presented throughthe engine which is customizedbased on testing/auditing existing client infrastructureand source process to pull data from sourcesystems and map into data are implemented in thewarehouse based on data requirementsassociated with KRI Data WarehouseProcure-to-payOrder-to-cashFina ncialReportingRetailStoreHR &PayrollCapital& IndustriesIndustrySpecificT & EOthers*Integration or ETL tool usedwill depend on the softwareused for the audit DataWarehousePwCCA / CCM Software Tools20 Tools should not drive CA / CCM decision-making and approachdefinition A suitable tool could be selected once requirements / processes arewell-defined There are many acceptable tools on the market Most specialized tools require significant investment Less expensive general data analysis tools are already owned bycompanies (ACL, MS Access, MS SQL Server).

10 While lacking somespecialized features, these are widespread and could be effectivelyused in the initial phasesPwCThe Ideal CA / CCM ResourceTo effectively deliver results with a strong value proposition, the idealresource to lead and build the data analysis and CA / CCM solutionwould have the following capabilities: Accounting Business processes audit methodologies IT and manual controls knowledge Basic fraud knowledge across major business cycles ERP knowledge Data normalization skills Strong analytical skills Excellent organization & communication skills Programming knowledge21 PwCAgendaWhat are we hearing in the market?The CA Maturity PathWhere to start? What is the difference between CA & CCM?


Related search queries