2. 2 /
4/3/2013
Operate as a “Center of Excellence”
Transforming the use of analytics through centralized focus
1. IT Infrastructure
2. Access Controls
3. License Managements
4. System Connections
5. Data extractions
6. Project Management
7. Analytics Framework
8. Data Conversion
9. Analytics Execution
10. Investigations
15. Record Retention
16. Policy and Procedures
17. Maintain External Lists
11. Continuous Auditing
18. Quality Reviews
19. Budget Tracking
20. Visualizations
12. Research
14. Training
13. ACL Programming
Role/Skill Ops Analyst Dev
ITOtherExecution
Chief Audit Executive
Audit Manager
Data Analytics Dev Lead
Analyst
Data Analytics Manager
Data Analytics Ops Lead
ACL Programmers
Consultants Consultants
3. 3 /
4/3/2013
Utilize a variety of analytic techniques
Choosing the right approach
Comparison
Reconciliation
Keyword Search
Match versus an external list
Exact match between two tables
Fuzzy match
Analysis
Classification
Trending Analysis
Frequency Analysis
Stratification
Scoring Models
Statistics
Profiling
Benford Analysis
Modeling
Sampling
Regression Analysis
Outliers
Even numbers
Above or right below specific thresholds
X times greater than avg or std deviation
Unusually high/low variances between periods
Exceptions
Duplicate transactions
Sequence Analysis
Split transactions
Recalculations
Rule criteria matches
Dates
Aging analysis / aged transactions
Transactions with specific dates of the week
Transaction with dates out of sequence
Dates or time stamps within specific ranges
4. 4 /
4/3/2013
Invest in documentation
Standard
Operating
Procedure
Process- Data acquisition, validation, execution, QA, delivery
Naming Convention- Projects, files, tables, scripts & fields
Data Repository- Posting of data, ACL projects & results
Policy
Technical
Document
Other
Operating on a solid foundation
Roles & Responsibilities- Define everyone’s contribution in the process
Data Management- Data retention, repository of tests & results
Governance- Change management, access
General- Context, description of test, logic
Technical specs- Technical description, required fields, parameters
Results- Output files, what to do with the results
Data Request- Fields & files need for each analytic
Examples of Analytics- Output files in Power Point
Menu of Services- Description of all the analytics & logic
Database of ERPs & Owners- All systems & IT owners
Version Controls- Tracker with all script changes
5. 5 /
4/3/2013
Use multiple approaches to obtain data
Shortening the cycle with data acquisition techniques
DataRequisitionDirectConnection
DatamartScripts
ProcessApplication
6. 6 /
4/3/2013
Build a toolbox of capabilities
Delivering results by using a complementary suite of functionalities
Extraction
Format
OCR
Keyword Search
1
5
2
6
Tapping into Business Systems
Reading any type of files
Analyzing Documents
Identify docs with keywords
Utility Scripts
Statistical
3
7
Analytic Accelerators
Visualization
Reporting
4
8
Making sense of big data
Delivery method
ACL ODBC…free
Directlink…a must have for SAP
Informatica…nice add on
Unstructured data
Floating trapping
Verification of the conversion
Portability of templates
Linkage to the original report
Converts PDF into text
Allows to audit contracts
Text analytics
Analyze words in all
document types
Collecting information
directly from the archive
Leverage scripts with
standard functionality
Time savers
Maximize expertise
Profiling & modeling
Predictive analytics
Use the power of statistics
Graphs with multiple
dimensions
Use advance visual techniques
Help the audit where to look
Organized result package
Easy to follow reports
Ready to add to the w/ps
7. 7 /
4/3/2013
Run a cost-efficient analytics practice
Delivering value by being better, faster & cheaper
a) – Subjective assessment – this is not based on research
Tips
Connections to Centralized Data
W2W Process, 24 hr shifts, low transitions
Dedicated Dev Team / Project Plans
Tone of the top / Good PR
Automation, outsource
Tactical hints
Dedicated Dev Team
Add value / architect solutions
Collaboration / Analyst with biz knowledge
Availability
KPI
Turnaround Time
Areas Automated
No data from biz required
Cost per Project
% Audits using Analytics
Great-a)
30%-50%
3-5 days
50%-75%
10%-25%
Reasonable
Goal
Good-a)
< 3 days
75%
>50%
Inexpensive
>70%
Measurement Standard
% defects in QA Reviews
# Improvements
NPS
Collaborations
<1%
5 per month
>50
>9
% Issues from Analytics >25%
50-70%
1-5%
1-5
40-50
>8.5
Passionate Team
8. 8 /
4/3/2013
Standardize best scripts for re-use
Leveraging ACL to work again & again
Appending multiple tables
Data Preparation
1
2 Running totals
3 Text standardization
Statistics/profiling
Analysis
5
6 Aging
7 Regression analysis
4 Splitting field into individual words
8 Volume analysis
Even dollar amounts
Outliers
9
10 High standard deviation
11 Suspicious date ranges
12 X Standard Deviation by group
Duplicate transactions
Exceptions
13
14 Keyword search
15 Split transactions
16 Fuzzy match
9. 9 //
4/3/2013
Leverage external lists for tests
Screening
Reference
Hierarchy
Structures
Preferred Vendors
Gov Agencies
PEP/OFAC
MCCs
Banking Calendars
Corruption Index
Consolidation
Employee HR
Reconciliation
Travel Expenses
ERPs
Death Index
Training courses
Adult Entertainment
Physicians
Hospitals
Charities
Using data outside the box
Other
Oracle/SAP
Rulebook
FCPA keyword
Suspicious words
Legal Entities
10. 10 /
4/3/2013
Create an environment of innovation
Unleashing employee creativity as a value creation tool
Work on a project of choice– no approval required
20% of time during off-peak season
Project aligned to priorities/vision
Sponsor Projects
3-5 day lock-out in the same room working on a project
Outside location
Multiple team members working toward a common goal
Time Out
Team collaboration
A person assigned as facilitator
SMEs, Business, auditors & scripter
War room / Agile
Track ideas & enhancements
Frequent brainstorming sessions
Budget for funding new projects
Other
11. 11 /
4/3/2013
Go beyond data
Thousands of data points within one view
Bar Charts
Geocoding
Trending
Heatmap Treemap
Word cloudsBubble
Network
12. 12 /
4/3/2013
Use a variety of analytics modalities
Finding the right approach
Near Real-time Analytics
• Fully Automated
• Tracks exceptions & remediation
Review process globally
• >95 company coverage
• Low-cost… great findings
Beyond numbers
• Derive risk intelligence
• Identify areas for scope adjustment
Continuous Analytics Horizontal Audits Text Analytics
Use analytics for yourself!
• Audit findings, report ratings, ombuds
• Yearly planning process
Machine learning approach
• Use statistics / identify patterns
• Learn to produce a correct output
Visual representation of data
• Relationships, patterns, outliers
• Multiple dimensions display at the
same time
Internal Analytics Predictive analytics Visual Analytics
13. 13 /
4/3/2013
Protects the data
Safeguarding the data as a core competency
Analytics execution within the server
1 Secured server
Restricted access to data & analytic results
Designated folder per each audit
2
Delicate use of data3
Exclusive access
Remove sensitive data Mask the data Provide only exceptions to auditors
3
Other
Document security controls Comply with export controls
4
Certified server
Access only to auditors within the engagement Automatic purging
Period data purge
14. 14 /
4/3/2013
Creates numerous strategic partnerships
Maximizing resources & capabilities
IT
• Efficient Data Acquisition Process
• Effective approach
SMEs
• Operational Expertise
• Unique test frameworks – reduce false positives
Consultants
• Expertise & focus
• Project Management & improvement leaps
Audit Team
• Relevant approach
• Involvement in User Acceptance Testing
Outsiders / Peers
• Free ideas
• Fresh views
ResourcesCapabilities
Vision
Business Leaders
• Free resources
• Future sponsorship
15. 15 /
4/3/2013
Establish a unique employee culture
Sharing common values, attitudes, standards and beliefs
• “Can do” attitude
• Independence
• Sense of urgency
• Critical Thinkers
• Leaders
• Innovators
• Communicators
Values
Behavior
Thinking
Simple
• Diversity
• Passion
• ETDBW
• Trained
• Teamwork
• Collaboration
• Partnership
People
Difference
• Focus on better audits
• W2W
• No ROI
• QA Server / Unicode
• Workflows
• Documented w/ps
• Strong infrastructure