Weitere ähnliche Inhalte Ähnlich wie The Future of Auditing and Fraud Detection (20) Mehr von Jim Kaplan CIA CFE (9) Kürzlich hochgeladen (20) The Future of Auditing and Fraud Detection 1. The Future of Auditing
and Fraud Detection
Rich Lanza | Managing Director
Audit Innovation
© Grant Thornton LLP. All rights reserved.
About Jim Kaplan, CIA, CFE
President and Founder of AuditNet®,
the global resource for auditors
(available on iOS, Android and
Windows devices)
Auditor, Web Site Guru,
Internet for Auditors Pioneer
IIA Bradford Cadmus Memorial Award
Recipient
Local Government Auditor’s Lifetime
Award
Author of “The Auditor’s Guide to
Internet Resources” 2nd Edition
1 2
2. © Grant Thornton LLP. All rights reserved.
About AuditNet® LLC
• AuditNet®, the global resource for auditors, serves the global audit
community as the primary resource for Web-based auditing content. As the first online
audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the
use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and
features:
• Over 3,000 Reusable Templates, Audit Programs, Questionnaires, and
Control Matrices
• Webinars focusing on fraud, data analytics, IT audit, and internal audit
with free CPE for subscribers and site license users.
• Audit guides, manuals, and books on audit basics and using audit
technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Surveys on timely topics for internal auditors
Introductions
© Grant Thornton LLP. All rights reserved.
HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners.
Unauthorized usage or recording of this webinar or any of its material is strictly
forbidden.
• If you logged in with another individual’s confirmation email you will not receive
CPE as the confirmation login is linked to a specific individual
• This Webinar is not eligible for viewing in a group setting. You must be logged in
with your unique join link.
• We are recording the webinar and you will be provided access to that recording
after the webinar. Downloading or otherwise duplicating the webinar recording is
expressly prohibited.
• If you meet the criteria for earning CPE you will receive a link via email to download
your certificate. The official email for CPE will be issued via NoReply@gensend.io
and it is important to white list this address. It is from this email that your CPE credit
will be sent. There may be a processing fee to have your CPE credit regenerated if
you did not receive the first mailing.
• Submit questions via the chat box on your screen and we will answer them either
during or at the conclusion.
• You must answer the survey questions after the Webinar or before downloading
your certificate.
3 4
3. © Grant Thornton LLP. All rights reserved.
IMPORTANT INFORMATION
REGARDING CPE!
• ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email
with the link to download your CPE certificate. The official email for CPE will be issued via
NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE
credit will be sent. There may be a processing fee to have your CPE credit regenerated after the initial
distribution.
• We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We
highly recommend that you work with your IT department to identify and correct any email delivery
issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system
or a firewall that will redirect or not allow delivery of this email from Gensend.io
• You must opt in for our mailing list. If you indicate you do not want to receive our emails your
registrationwill be cancelled and you will not be able to attend the Webinar.
• We are not responsible for any connection, audio or other computer related issues. You must have
pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which
occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that
you do so immediatelyafter a polling question.
© Grant Thornton LLP. All rights reserved.
The views expressed by the presenters do not necessarily represent the views, positions, or
opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are
for educational purposes only and do not constitute accounting or legal advice or create an
accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet®
makes no representations, guarantees, or warranties as to the accuracy or completeness of the
information provided via this presentation. AuditNet® specifically disclaims all liability for any
claims or damages that may result from the information contained in this presentation, including
any websites maintained by third parties and linked to the AuditNet® website.
Any mention of commercial products is for information only; it does not imply recommendation
or endorsement by AuditNet® LLC
5 6
4. © Grant Thornton LLP. All rights reserved.
Additional Disclaimer
This Grant Thornton LLP presentation is not a comprehensive analysis of the subject matters
covered and may include proposed guidance that is subject to change before it is issued in final
form. All relevant facts and circumstances, including the pertinent authoritative literature, need
to be considered to arrive at conclusions that comply with matters addressed in this
presentation. The views and interpretations expressed in the presentation are those of the
presenters and the presentation is not intended to provide accounting or other advice or
guidance with respect to the matters covered
For additional information on matters covered in this presentation, contact your Grant Thornton
LLP adviser
© Grant Thornton LLP. All rights reserved.
Richard B. Lanza, CPA, CFE, CGMA
• Managing Director in Innovation for Grant Thornton, LLP
• Over 25 years of ACL, Excel and other software usage
• Received the outstanding achievement in business award by the Association of
Certified Fraud Examiners for developing the publication Proactively Detecting
Fraud Using Computer Audit Reports as a research project for the IIA
• Recently was a contributing author of:
• Detecting Corruption with Analytics: A Roadmap – The International
Institute for Analytics
• Global Technology Audit Guide (GTAG #13) Fraud In An Automated
World – Institute Of Internal Auditors.
• Cost Recovery – Turning Your Accounts Payable Department Into A
Profit Center – Wiley And Sons.
• Data Analytics: A Roadmap for Expanding Capabilities (published 2018
in partnership with the IIA's Internal Audit Foundation)
• In 2015, discovered a new textual analytic technique using letters called the
Lanza Approach to Letter Analytics (LALA)TM
The views expressed by the
presenters do not necessarily
represent the views, positions, or
opinions of Grant Thornton, LLP.
These materials, and the oral
presentation accompanying
them, are for educational
purposes only and do not
constitute accounting or legal
advice or create an accountant-
client relationship.
rich.lanza@us.gt.com Richard B. Lanza, CPA, CFE, CGMA
8
7 8
5. © Grant Thornton LLP. All rights reserved.
1
See how analytics (and automation) can maximize the annual audit plan and better
ensure focus is placed on top organizational risks
2 Establish a framework to using analytics and automation across the entire audit lifecycle
Use the general ledger and revenue audit areas as a case study to provide a digital road
map for analytics for detecting fraud (and errors) within the organization.
Learning objectives
9
3
© Grant Thornton LLP. All rights reserved.
POLLING QUESTION 2
9 10
6. © Grant Thornton LLP. All rights reserved.
Central Services
5 accelerators
transforming
audit
delivery
11
Blockchain
Technology
Artificial
Intelligence
Data Analytics
Automation
Precise risk assessment, enhanced audit evidence, and
fraud testing
Automation of routine audit procedures
Document analysis
Automatic confirmation of
transactions and valuations
Specific work done by COEs and Bangalore
© Grant Thornton LLP. All rights reserved.
Value proposition
12
Why?
How?
People
Process
Technology
Insights
Efficiency
Analytics
Automation
A.I.
11 12
7. © Grant Thornton LLP. All rights reserved.
Analytics programs
13
IRP
Issuer risk profiling
• Predictive analytics
• Financial reporting fraud
• Restatement
• Material weakness
• Bankruptcy
• Governance concerns
• Litigation
FSP
Forensic support program
• Forensic & analytics expertise
applied to selected audits
• Fraud brainstorming
• Incremental / tailored
management inquiry
• Journal entry testing
• Tailored analytics
ADA
Audit data analytics
• Whole ledger analytics
• Transactional scoring
• Account combinations
• Numerical / digital
• Text / letter
• Semantic
© Grant Thornton LLP. All rights reserved.
Issuer risk profiling
14
Accounting Risk
• Earnings quality
• Expense timing ratios
• Valuation risk
• Solvency & liquidity
• Operational benchmarking
• Forensic measures
Corporate Governance Risk
• Ownership
• Compensation
• Officer turnover
• Related parties
• Disclosure quality
• Governance structure
• Tone at the top
Business Risk/ Complexity
• Mergers & acquisition
• IPOs / debt offerings
• Industry/ geopolitical
• Reorganizations
Results
Probability of
restatement
Issuers with restatements had
7.9x the average assessed probability
Probability of
material weakness
Issuers with material weaknesses had
5.2x the average assessed probability
Distress ratings 80% of issuers with bankruptcies scored in
top 10% of distress risk model one year prior
13 14
8. © Grant Thornton LLP. All rights reserved.
POLLING QUESTION 1
© Grant Thornton LLP. All rights reserved.
BankruptcyRisk
Accounting Risk
16
15 16
9. (Automated)
Audit Data Analytics
© Grant Thornton LLP. All rights reserved.
Whole ledger analytics:
transactional scoring
18
Top entries SCORE_RATIO INC_STMT_IMPACT BAL_SHEET_IMPACT Description Posting Date
1 0.338 (216,678.08) 216,678.08 To balance to subledger 12/31/2016
Abs.Income
StatementImpact
Risk Score Ratio
17 18
10. © Grant Thornton LLP. All rights reserved.
Whole ledger analytics:
account combinations
19
The top 20 combinations account for 86% of JE line items
Journal lines % of total
Total journal entry lines 1,558,112 100%
Line items with zero income
statement impact
136,930 9%
Top 20 account combinations 1,338,811 86%
Remaining 322 account
combinations
82,371 5%
Top combination:
TOTAL_JE_TRANS GL_AccountDr1 GL_AccountCr1
927,956 COGS Inventory
© Grant Thornton LLP. All rights reserved.
Whole ledger analytics: digital analysis
20
Frequency
Two Digit Combination
----Current Year ----Prior Year
Change in digits was driven by
change in pricing strategy on
key product line.
19 20
11. © Grant Thornton LLP. All rights reserved.
Whole ledger analytics:
Textual analysis: “The Benford’s Law of Words”
Word usage in
ledger
• Same words
tend to occur
year over year
• Changes may
indicate some
change in the
client that
could affect
risk
assessment
21
F
FE
Interactive Data
Whole Ledger Analytics Dashboard
21 22
12. © Grant Thornton LLP. All rights reserved.
Use transactional
scores to
compare risks
across business
units
WLA Benefits
23
Trend the
general ledger
against
expectations
Evaluate
meaningful
transactions
instead of
random samples
Identify
manual
journal entry
activity that
could be
automated
Trend journal
entry risk
scores by
user
Conduct a more
thorough risk
assessment
Identify risks of
management
override of
internal
controls
© Grant Thornton LLP. All rights reserved.
POLLING QUESTION 2
23 24
13. © Grant Thornton LLP. All rights reserved.
Other Analytics Solutions
25
ACCOUNTS PAYABLE
Performs control
analysis, proactive fraud
testing through vendor
risk ranking and cost
recovery detection for
the procure to pay
process.
75 SCRIPTS
REVENUE
Identifies revenue
transactions that
indicate a higher risk of
material misstatement
as well as control
analysis.
50 SCRIPTS
P-CARD
Identify risky P-Card
transactions and usage
behaviors.
30 SCRIPTS
TRAVEL & EXPENSE
Analyze travel and
expense data to identify
inappropriate or
suspicious employee
expenses, and manage
T&E efforts.
20 SCRIPTS
FCPA Third Party
Vendor
Risk-rank vendors by
elements of risk that
may result in a FCPA
violation, individual
vendor analysis and
predictive analytics to
predict transactions
costs by vendor.
25 SCRIPTS
© Grant Thornton LLP. All rights reserved.
Next generation – revenue analytics
26
Volatility analysis for businesses expecting consistency at customer or contract level:
• Automation calculates z-score for customer in each period and compares to current or prior periods
• Customers with volatility are notable
25 26
14. © Grant Thornton LLP. All rights reserved.
Audit evidence from external data
27
Sales Correlates with:
Client Website Traffic + App Usage
Account Openings Correlate with:
Web Search for Client Name + App Downloads
© Grant Thornton LLP. All rights reserved.
Changing the Nature of Risk Management
Before Adjustments to Microsoft Control (user
access control):
• User access for SAP sampled at 25 users per
quarter, catching potential access issues every
three months
• Excessive time spent testing – 2 hours per
control per year
Automated control monitoring
using advance analytics –
efficient value protection
Sample based control testing -
basic risk management
Partial Assurance
Before
2 hours per control
Value Protection
After
<5 minutes per control
Manual Compliance Assessment Automated Compliance Monitoring
After Adjustments to Microsoft Control (user
access control):
• SAP user access tested at 100%, in real time
• Testing performed in seconds or minutes
• Microsoft responds to user access
problems in real time – as opposed to
quarterly
Pass / Fail
Control 1 Pass
Control 2 Pass
Control 3 Pass
Control 4 Fail
Control 5 Pass
Time savings of 95%+ per control
– from risk mitigation to value protection
Efficiency
Value Protection
Before
After
28
27 28
15. © Grant Thornton LLP. All rights reserved.
Benchmarking WLA for machine learning
• Journal Statistic Examples
• Average lines per journal
• % of journals posted by day
• Average income effect per journal
• User Statistic Examples
• Average entries per user per day
• % of manual to automated entries
• WLA Result Examples
• Entries and line items by WLA report (e.g., round dollar journals)
• Risk score average, median and standard deviation
29 © Grant Thornton LLP. All rights reserved.
GTTAT (Grant Thornton Text Analysis Tool)
Laying the foundation for machine reading
Capability The benefits
Word Search
• Searches for words and phrases with wildcards / regular expressions
• Allows for a document review with highlighted words detected
Word Summary
N-Gram Summary
• Summarizes all words and n-grams (phrases)
• Organizes the results by document searched for further Excel review
Document Similarity
• Uses similarity to calculate the difference between two documents
• Identifies documents that are dissimilar based on a standard document
Text Extraction • Combines text of multiple documents into one text document
30
Identify key
phrase
Compare
provisions
to baseline
Visualize
context
Score
similarity
Read documentsCompile document
library
Grant Thornton Text
Analysis Tool
29 30
17. © Grant Thornton LLP. All rights reserved.
Process Characteristics for RPA
33 © Grant Thornton LLP. All rights reserved.
Analyze
Report
Transform
Validate
System Specific Scripts
Ensures complete
& accurate client data
Extract
End-to-End automation
Whole Ledger Analytics
34
Auto Map and Tag
Calculated fields, entry types
Pre-Set Quality Tests
DR = CR, G/L
completeness testing
Scripted Analytics
100+ analytics organized
into four areas
Pre-Formatted Workpapers
Excel spreadsheets, Power BI,
mobile apps
Audit Team Interaction
Data + auditor expertise =
quality and insights
Assess and Enhance
190+ benchmarks for
insights and efficiency
Augment
Benchmark
33 34
18. © Grant Thornton LLP. All rights reserved.
Data acquisition
Example: data
acquisition scripts
developed to extract
GL and subledger
data
Generated data acquisition script
• Extracted each of the required fields for multiple entities
seamlessly
• Eased the transfer of the information through more efficient
formats
• Automated the mapping of data and completeness testing,
improving quality
Value to our client
• Reduced demand on valuable IT resources
• Increased the speed at which we were able to process data
and provide requests to client
Transform
Validate
Extract
35
© Grant Thornton LLP. All rights reserved.
POLLING QUESTION 3
35 36
19. © Grant Thornton LLP. All rights reserved.
Overcoming Data Challenges
• Normalizing data is 80% of the time (in the beginning)
• Data is in every process
• It may not be ERP / It may be in your “Big Data”
• 90% of data is text
• Audit (Internal & External) is the best partner to get the data
• They are independent / Not proving the data is a scope limitation
• Tend to establish the most secure data warehouses
37 © Grant Thornton LLP. All rights reserved.
Automated Data Normalization
• Store procedures for data cleanup once
• Create a normalized set of data fields named by YOU
• Ensure data quality tests are run prior to analysis
• Automate these routine tasks to increase analyst’s time
• Enrich the data by organizing it by type codes
38
37 38
20. © Grant Thornton LLP. All rights reserved.
Automating Data E.T.L.
• All of the Company's data is captured in an SAP G/L
• Audit team had to budget almost 100 hours just on importing and combining
various report extracts
• Data analytics and innovation were introduced in the current year audit
• Data import process was reduced from 25 hours /quarter to only 2
hours/quarter
39 © Grant Thornton LLP. All rights reserved.
G/L Completeness Toolkit
Automatically produces an Excel file:
• Tests completeness by G/L account consistently (no more Vlookups)
• Produces separate file of differences
• Identifies new, missing and blank G/L accounts / descriptions
600+ signups
39 40
21. © Grant Thornton LLP. All rights reserved.
Workflow automations
41
Example:
property, plant
and equipment
Performs audit procedures:
• Prepares fixed asset rollforward
• Reconciles to general ledger
• Recalculates depreciation expense
• Identifies most efficient selection approach
• Generates selection for test of details
Scans for notable activity:
• Disposals in ending sub ledger
• Additions disposed of in the same year
• Assets whose standard life deviates from the norm
© Grant Thornton LLP. All rights reserved.
Continuous automation
42
Example:
confirming
customer activity
and balances
Generated hundreds of confirmations in under 3 minutes
• Extracted each customer's transaction and balance detail
• Prepared and distributed e-mail confirmations
• Provided customers with one-click confirmation option
Processed responses automatically
• Electronically logged replies to confirmations
• Created automated workpapers
Bespoke automation
solution was designed,
developed, and deployed
in less than one week
41 42
22. © Grant Thornton LLP. All rights reserved.
Changing the Nature of Risk Management
Before Adjustments to Microsoft Control (user
access control):
• User access for SAP sampled at 25 users per
quarter, catching potential access issues every
three months
• Excessive time spent testing – 2 hours per
control per year
Automated control monitoring
using advance analytics –
efficient value protection
Sample based control testing -
basic risk management
Partial Assurance
Before
2 hours per control
Value Protection
After
<5 minutes per control
Manual Compliance Assessment Automated Compliance Monitoring
After Adjustments to Microsoft Control (user
access control):
• SAP user access tested at 100%, in real time
• Testing performed in seconds or minutes
• Microsoft responds to user access
problems in real time – as opposed to
quarterly
Pass / Fail
Control 1 Pass
Control 2 Pass
Control 3 Pass
Control 4 Fail
Control 5 Pass
Time savings of 95%+ per control
– from risk mitigation to value protection
Efficiency
Value Protection
Before
After
43 © Grant Thornton LLP. All rights reserved.
404: Training Data Not Found
• Robots are not perfect; and will fail, behave unexpectedly and trip
over their own feet (just like me from time to time).
• Robots will never replace auditors; but instead will make their jobs
easier and allow them more free time to innovate.
44
Image from the DARPA
Robotics Challenge
43 44
23. © Grant Thornton LLP. All rights reserved.
POLLING QUESTION 4
© Grant Thornton LLP. All rights reserved.
Start with what you have
Your data can be a rich source
of insights and business
intelligence. Inexpensive tools
can be used to get started in
analyzing this data.
Ask for help.
There is no need to go it alone;
we love solving problems and
helping clients to
innovate. Having innovative
clients helps us to innovate and
create even more value. It’s a
virtuous cycle.
Lessons Learned
46
Demonstrate value
early and often.
Smaller wins can fund bigger
wins and help foster
institutional momentum.
45 46
24. © Grant Thornton LLP. All rights reserved.
Sample Auditor of the Future Skillsets
• Ability to reimagine the audit
• Data analytics mindset
Asking the right questions
Extracting, transforming and loading relevant data
Applying appropriate data analytics techniques
Interpreting and sharing the results with stakeholders
• Critical thinking (questioning mind, weighing evidence)
• Communication:
• Interaction with a team and with the client (asking the right question and listening)
• Writing – communication of facts and articulation of persuasive argument
• Ability to collaborate with people of different geographies and varying skill sets
• Selling new innovation / change management
47 © Grant Thornton LLP. All rights reserved.
Questions
48
47 48
25. © Grant Thornton LLP. All rights reserved.
AuditNet® and cRisk Academy
49
• If you would like forever access to
this webinar recording
• If you are watching the recording,
and would like to obtain CPE
credit for this webinar
• Previous AuditNet® webinars are
also available on-demand for CPE
credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a
discount on this webinar for one week
© Grant Thornton LLP. All rights reserved.
Thank You!
50
Jim Kaplan
AuditNet® LLC
1-800-385-1625
Email: webinars@auditnet.org
www.auditnet.org
Richard B. Lanza, CPA, CFE, CGMA
Contact Information
D: +1 732 516 5527
M: +1 732 331 3494
Email: rich.lanza@us.gt.com
49 50