View
215
Download
0
Category
Tags:
Preview:
Citation preview
Continuous Monitoring as a tool for Fraud Detection
Anton BouwerCQS Technology Holdingsantonb@cqs.co.za
The Market
Agenda
Summary: Keys to Success
Insight & Detail
Continuous Monitoring – Continuous SAP Monitoring
Continuous Monitoring Evolved
Data access Programming knowledge required
Difficult to identify analytics
Difficult to implement analytics
Difficult to automate Difficult to manage
Fraud Detection Defined
Fraud Detection Defined
Fraud is an intentional deception made for personal gain or to damage another individual; the related adjective is fraudulent.
. Wikipedia – 2011
"… any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.“
Institute of Internal Auditors’ International Professional Practices Framework (IPPF)
Data analysis technology enables auditors and fraud examiners to analyze an organization’s business data to gain insight into how well internal controls are operating and to identify transactions that indicate fraudulent activity or the heightened risk of fraud. Data analysis can be applied to just about anywhere in an organization where electronic transactions are recorded and stored.
ACL - 2011
IPPF Standards
The International Professional Practices Framework (IPPF) contains the following Standards on fraud and internal audit’s role:
1200 – Proficiency and Due Professional Care
1220 – Due Professional Care
2060 – Reporting to Senior Management and the Board
2120 – Risk Management
2210 – Engagement Objectives
Continuous Monitoring Evolved
Data accessProgramming
knowledge required
Difficult to identify
analytics
Difficult to implement analytics
Difficult to automate
Difficult to manage
Just do itImport as often as possible. Each
attempt gets easier. Practice makes perfect FACT: ALL FILES CAN BE ACCESSED!
Establish environment
Obtain user ID Get IT on your side
Scrutinise data tables
Create data dictionaries GOOGLE!!! Maximum 10
tables! (Not 35k)Types of data access methodologies
ODBC SAP Direct Link Report files & PDF XML; XBRL AX Datasource Delimited; DBF
Assumption: Any data table can be accessed.
Kiss
Software Solutions for Financial Integrity and Control
Software Solutions for Financial Integrity and Control
Fable: Programming knowledge required
Software Solutions for Financial Integrity and Control
Fable: Difficult to identify forensic analytics
Types of Analytics in all areas
•SoD•Adherence to control objectives•Accuracy•Completeness (over & under)•Data Quality•Industry specific
Software Solutions for Financial Integrity and Control
Don’t complicate matters!!
Keep it Simple: Can you explain your findings?
Analytic Repositories
ACL
D/B Interface Connectionsfrom AX Core
Enterprise Data
Exceptions distributed via web-based viewer
Apply proven analytics
Forensic InvestigatorsACL Specialist
SQL
ERP
Business Stakeholders
Centralized Investigation Management
• Engagement & Content Management• Automation
• Analytic ProcessingManage All Types of Forensic
Content
ProjectsAnalytics
Data
ExcelWord
Crystal Reports
Audio
PowerPoint
Results
Fable: Difficult to implement, automate & maintain
Case Study
Continuous SAP Fraud Detection
Client Environment & Requirements
• SAP in different countries• Needed standardised analytics for all investigators• Automated data downloads to central repository• Exception management through workflow
Solution – ACL SAP ACLelerator
Software Solutions for Financial Integrity and Control
Data Repository
• AX Link download of SAP tables
Software Solutions for Financial Integrity and Control
ERP
ERP
ERP
ERP
ERP
ERP
ERP
Download from 6
countries AX server in SA and Europe
Encrypted and compressed
Software Solutions for Financial Integrity and Control
Schedule data downloads and
SAP accelerator
Software Solutions for Financial Integrity and Control
Email forensic investigator
when exceptions are
ready for review
Email management
link to findings
Software Solutions for Financial Integrity and Control
Continuous Monitoring Final Solution: Frontend
Used by:Forensic
InvestigatorsInternal AuditExternal AuditManagement
Running Ad-Hoc Investigations
• Running any Analytic on Request • Running Analytics with parameters• View results• Filter source data• Download results
Benefits
• Data available to entire forensic team• Data accuracy and analytic quality assured +
standardised• Forensic skills applied on exceptions, not samples• Business knowledge & understanding increased• Same data used by forensic team, internal audit,
external audit and management• Duplicated payments identified before payment
takes place• Exceptions management enforced through
workflow
ACLerator
Business Integrity, Insight and Beyond
Conclusion• Continuous monitoring is a reality. No fable.• Forensic skills needed; in fact required for CM to succeed• Data access – No mystery; only commitment needed.• Which analytics to include? Large repositories exist, simple
framework• High levels of programming skills required to start? No; cut, paste &
map will do.• Technology exist. Much lower investment required than before• FACT: In 5 years very few forensic departments will function without
continuous monitoring.
Questions at Stand 14
Recommended