Prior continuous auditing research focused on detecting exceptions efficiently
We need to develop a classification hierarchy or ranking of detected exceptions to limit the need for human intervention.
The 2015 Caterpillar EH&S Conference was held in Clearwater, FL. CAT Dealer EH&S staff from across the country collaborated at this four day event. This talk covers typical environmental compliance issues for CAT Dealers.
Building a Compliance System for your BusinessSarah Sajedi
All businesses need to manage compliance tasks - audits, inspections, permits, etc. - here's how to build a compliance management system for your business.
This presentation gives you a brief overview of the safety processes that need to be put in place and also the importance of safety in the today’s world. Further it also elaborates on the scope of EHS software in factories and its growing awareness across industry verticals.
The 2015 Caterpillar EH&S Conference was held in Clearwater, FL. CAT Dealer EH&S staff from across the country collaborated at this four day event. This talk covers typical environmental compliance issues for CAT Dealers.
Building a Compliance System for your BusinessSarah Sajedi
All businesses need to manage compliance tasks - audits, inspections, permits, etc. - here's how to build a compliance management system for your business.
This presentation gives you a brief overview of the safety processes that need to be put in place and also the importance of safety in the today’s world. Further it also elaborates on the scope of EHS software in factories and its growing awareness across industry verticals.
Building a Climate Resilient Business: Managing Risks & Exploit Opportunities...Enhesa
Climate change is affecting business’ bottom line globally. Big business recognises the need to both adapt to become resilient to today’s weather and tomorrow’s climate and plan for opportunities, as well as to reduce carbon emissions through mitigation.
Enhesa, in partnership with Ecofys, hosted a complimentary webinar that highlighted recent regulatory developments and policy challenges worldwide, focused on how climate change impacts are already affecting big business and the associated costs, as well as the opportunities, changing policy frameworks and potential legal liabilities of not taking climate actions.
During this webinar we explored:
-The regulatory landscape of climate change policy and initiatives worldwide
-Examples of global changes in weather and climate affecting businesses today
-Risks of not adapting
-Physical, legal, financial and transitional risks if a company does not adapt
-Case law on legal liabilities
-Market opportunities that can be optimized when companies improve their resilience
-Science-based GHG targets while learning how to align your GHS reduction targets with a 2°C climate goal
-Reasons why companies are setting ambitious GHG reduction targets
-Mitigation measures
-What internal and external carbon prices are driving mitigation actions of companies
-Case studies of companies setting science-based GHG reduction targets and their climate actions
This presentation looks at the year ahead from the perspective of EH&S professionals. Look here for in-depth analysis of the results from a recent survey Triumvirate Environmental conducted to find out what the greatest trends, challenges and priorities are for EH&S professionals in 2016.
OSHA Top Ten - 2016 NEWEA Annual ConferenceDavid Horowitz
OSHA releases its Top Ten most cited standards on an annual basis. This presentation discussed the Top ten as it applies to water & wastewater treatment plants.
Successful EHS Auditing Insights from a Client's PerspectiveAntea Group
Antea Group presented a panel discussion at the 2016 Institute of Internal Auditors Environmental Health & Safety Exchange on how EHS audits fit into the full picture of an organization's risk, why audits are needed, what types of audits exist, and auditing methodology and communication. For more information, see http://us.anteagroup.com/en-us/services/operational-performance-and-assurance/environmental-audits-and-assessments
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...Ed Sattar
Welcome everyone- In an environment where the demise of major institutions, impact of GHG, impact on the environment through events such as mocondo and utilities blow outs and how its effects the lives of human beings has led to stricter regulations in major industries and countries around the world, therefore, the word “ Operational Risk & Regulatory Change Management” has become an all-important language in the world of EHS that can make or break the organization, its officers, its people, its customers and the communities we live in
The purpose of this presentation is to share with you how regulatory changes impact operational risk and further, share best practices and insights in how to build an operational risk and regulatory change management model, and a management system, irrespective of the regulation type, standards and corporate objectives that you may be subjected to
Operational Risk is the risk of a change in value of losses incurred due to failed processes, People and systems and these risks include environmental, health & Safety , legal and quality risks.
More at www.EdSattar.com
My business processes are deviant! What should I do about it?Marlon Dumas
Talk about deviance mining and predictive monitoring of business processes. Delivered at the Second European BPM Roundtable, Liechtenstein, 15 May 2014.
2018 ValAct - Session 22 - Material WeaknessMarkSpong1
Recent high profile material weakness disclosures have left some wondering: who’s next? The session will provide background on the causes and impacts of the material weakness and then focus on effective controls on financial reporting. We’ll spend most of the time discussing case study scenarios of common pitfalls when developing controls.
At the conclusion of the session, attendees will be able to:
• Identify the common causes of significant deficiency and material weakness audit opinions;
• Evaluate the impact of a material weakness assessment on audit fees and other financials; and
• Develop a plan to prevent or remediate a material weakness assessment.
2018 Val Act: Session 22 - Material weaknessAlex Hovi
Avoiding the material weakness: Case studies in developing effective controls.
Originally presented by Melanie Dunn and Mark Spong at the 2018 Valuation Actuary Symposium.
Structured NERC CIP Process Improvement Using Six SigmaEnergySec
Presented by: Chris Unton, Midwest ISO (MISO)
Abstract: MISO embarked on a structured, comprehensive process improvement program to make advancements in cyber security risk reduction as well as CIP compliance. The program utilizes the Six Sigma framework to reduce process defects and gain efficiencies. The 13 month effort comprises process level health checks; assignment of functional roles, responsibilities, and oversight; cross-functional process improvement events; and training/awareness curriculums to lock in the improvements. As a result, MISO not only is strengthening its cyber security and compliance posture, but also positioning the company for a smoother adoption of controls based audits when applicable. In this presentation, Mr. Unton will walk through the process and show how this has been instrumental in greatly enhancing MISO’s security and compliance environment.
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...Nimonik
Nimonik has 7 step process to ensure thorough and comprehensive regulatory compliance for environmental, occupational health and safety and quality requirements for your organization. By following these steps, you will reduce your operational risk and optimize your processes to become a proactive compliance company. This presentation also covers compliance risks such as accidents and penalties, challenges that organizations face along with a case study of Lac Megantic Oil Train Car disaster in July 2013 that killed 47 people and spilled 6 million litres of oil.
Audit: Breaking Down Barriers to Increase the Use of Data AnalyticsCaseWare IDEA
Presenter: Lenny Block, Associate VP, Internal Audit, NASDAQ
While the majority of internal audit leaders and C-suite executives agree data analytics is important to strengthening audit coverage, only a small percentage of organizations are actively using data analytics regularly. Why is that? This webinar will explore challenges and barriers associated with starting, sustaining and expanding the use of data analytics to improve audit coverage.
SLIDESHARE: www.slideshare.net/CaseWare_Analytics
WEBSITE: www.casewareanalytics.com
BLOG: www.casewareanalytics.com/blog
TWITTER: www.twitter.com/CW_Analytic
Building a Climate Resilient Business: Managing Risks & Exploit Opportunities...Enhesa
Climate change is affecting business’ bottom line globally. Big business recognises the need to both adapt to become resilient to today’s weather and tomorrow’s climate and plan for opportunities, as well as to reduce carbon emissions through mitigation.
Enhesa, in partnership with Ecofys, hosted a complimentary webinar that highlighted recent regulatory developments and policy challenges worldwide, focused on how climate change impacts are already affecting big business and the associated costs, as well as the opportunities, changing policy frameworks and potential legal liabilities of not taking climate actions.
During this webinar we explored:
-The regulatory landscape of climate change policy and initiatives worldwide
-Examples of global changes in weather and climate affecting businesses today
-Risks of not adapting
-Physical, legal, financial and transitional risks if a company does not adapt
-Case law on legal liabilities
-Market opportunities that can be optimized when companies improve their resilience
-Science-based GHG targets while learning how to align your GHS reduction targets with a 2°C climate goal
-Reasons why companies are setting ambitious GHG reduction targets
-Mitigation measures
-What internal and external carbon prices are driving mitigation actions of companies
-Case studies of companies setting science-based GHG reduction targets and their climate actions
This presentation looks at the year ahead from the perspective of EH&S professionals. Look here for in-depth analysis of the results from a recent survey Triumvirate Environmental conducted to find out what the greatest trends, challenges and priorities are for EH&S professionals in 2016.
OSHA Top Ten - 2016 NEWEA Annual ConferenceDavid Horowitz
OSHA releases its Top Ten most cited standards on an annual basis. This presentation discussed the Top ten as it applies to water & wastewater treatment plants.
Successful EHS Auditing Insights from a Client's PerspectiveAntea Group
Antea Group presented a panel discussion at the 2016 Institute of Internal Auditors Environmental Health & Safety Exchange on how EHS audits fit into the full picture of an organization's risk, why audits are needed, what types of audits exist, and auditing methodology and communication. For more information, see http://us.anteagroup.com/en-us/services/operational-performance-and-assurance/environmental-audits-and-assessments
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...Ed Sattar
Welcome everyone- In an environment where the demise of major institutions, impact of GHG, impact on the environment through events such as mocondo and utilities blow outs and how its effects the lives of human beings has led to stricter regulations in major industries and countries around the world, therefore, the word “ Operational Risk & Regulatory Change Management” has become an all-important language in the world of EHS that can make or break the organization, its officers, its people, its customers and the communities we live in
The purpose of this presentation is to share with you how regulatory changes impact operational risk and further, share best practices and insights in how to build an operational risk and regulatory change management model, and a management system, irrespective of the regulation type, standards and corporate objectives that you may be subjected to
Operational Risk is the risk of a change in value of losses incurred due to failed processes, People and systems and these risks include environmental, health & Safety , legal and quality risks.
More at www.EdSattar.com
My business processes are deviant! What should I do about it?Marlon Dumas
Talk about deviance mining and predictive monitoring of business processes. Delivered at the Second European BPM Roundtable, Liechtenstein, 15 May 2014.
2018 ValAct - Session 22 - Material WeaknessMarkSpong1
Recent high profile material weakness disclosures have left some wondering: who’s next? The session will provide background on the causes and impacts of the material weakness and then focus on effective controls on financial reporting. We’ll spend most of the time discussing case study scenarios of common pitfalls when developing controls.
At the conclusion of the session, attendees will be able to:
• Identify the common causes of significant deficiency and material weakness audit opinions;
• Evaluate the impact of a material weakness assessment on audit fees and other financials; and
• Develop a plan to prevent or remediate a material weakness assessment.
2018 Val Act: Session 22 - Material weaknessAlex Hovi
Avoiding the material weakness: Case studies in developing effective controls.
Originally presented by Melanie Dunn and Mark Spong at the 2018 Valuation Actuary Symposium.
Structured NERC CIP Process Improvement Using Six SigmaEnergySec
Presented by: Chris Unton, Midwest ISO (MISO)
Abstract: MISO embarked on a structured, comprehensive process improvement program to make advancements in cyber security risk reduction as well as CIP compliance. The program utilizes the Six Sigma framework to reduce process defects and gain efficiencies. The 13 month effort comprises process level health checks; assignment of functional roles, responsibilities, and oversight; cross-functional process improvement events; and training/awareness curriculums to lock in the improvements. As a result, MISO not only is strengthening its cyber security and compliance posture, but also positioning the company for a smoother adoption of controls based audits when applicable. In this presentation, Mr. Unton will walk through the process and show how this has been instrumental in greatly enhancing MISO’s security and compliance environment.
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...Nimonik
Nimonik has 7 step process to ensure thorough and comprehensive regulatory compliance for environmental, occupational health and safety and quality requirements for your organization. By following these steps, you will reduce your operational risk and optimize your processes to become a proactive compliance company. This presentation also covers compliance risks such as accidents and penalties, challenges that organizations face along with a case study of Lac Megantic Oil Train Car disaster in July 2013 that killed 47 people and spilled 6 million litres of oil.
Audit: Breaking Down Barriers to Increase the Use of Data AnalyticsCaseWare IDEA
Presenter: Lenny Block, Associate VP, Internal Audit, NASDAQ
While the majority of internal audit leaders and C-suite executives agree data analytics is important to strengthening audit coverage, only a small percentage of organizations are actively using data analytics regularly. Why is that? This webinar will explore challenges and barriers associated with starting, sustaining and expanding the use of data analytics to improve audit coverage.
SLIDESHARE: www.slideshare.net/CaseWare_Analytics
WEBSITE: www.casewareanalytics.com
BLOG: www.casewareanalytics.com/blog
TWITTER: www.twitter.com/CW_Analytic
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
SOD conflict mitigation is a complex subject considering present manpower constraints and lack of technical understanding of core SAP domain. It is a mix of BPR and Technology together where process as well as IT knowledge is must to encounter this specialized area.
Process Mining and Predictive Process MonitoringMarlon Dumas
Presentation delivered at the Second Colombian Forum on Business Process Management, University of Los Andes, Bogotá, 22 June 2018 - https://sistemas.uniandes.edu.co/en/foros-isis/temas-foros-isis/bpm/foro-2/80-foros-isis/bpm
Chapter 10 of ICT Project Management based on IOE Engineering syllabus. This chapter includes topic related to quality theories, quality planning, cost of quality and more on quality management of project. Provided by Project Management Sir of KU.
The Benefits of Applying Lean Sigma for ServiceWillie Carter
Lean Six Sigma is a methodology that combines the principles of Lean manufacturing and Six Sigma quality management to improve efficiency, reduce waste, and enhance customer satisfaction in various organizations, including service organizations. While originally developed for manufacturing industries, Lean Six Sigma has been adapted and successfully applied in service sectors such as healthcare, finance, hospitality, and logistics.
The primary goal of Lean Sigma in service organizations is to identify and eliminate non-value-added activities, streamline processes, and enhance overall service delivery. It aims to create a customer-centric approach by focusing on customer requirements and continuously improving the quality and efficiency of services.
Lean Sigma utilizes a data-driven and systematic approach, incorporating various tools and techniques for problem-solving and process improvement.
By applying Lean Sigma principles in service organizations, companies can achieve benefits such as improved customer satisfaction, reduced lead times, increased productivity, enhanced quality, and cost savings. The methodology provides a structured framework to identify and eliminate waste, optimize processes, and deliver exceptional service to customers.
Enhancing Service Quality: Implementing Lean SigmaWillie Carter
Lean Sigma combines Lean and Six Sigma methodologies, benefiting service businesses in several ways (1) Streamlines processes, reducing waste and lead times, (2) improves service quality, response times, and consistency, (3) identifies and eliminates unnecessary costs, improving profitability, (4) uses data and analysis to inform decisions and improve performance, (5) involves employees in problem-solving, boosting morale and productivity, (6) involves employees in problem-solving, boosting morale and productivity, and (7) delivers higher-quality services more efficiently, gaining market share and loyalty.
Overall, Lean Sigma offers service businesses a systematic approach to improving efficiency, quality, and customer satisfaction, ultimately driving profitability and competitiveness in the marketplace.
Similar to Exceptional Exceptions - 12th CONTECSI 34th WCARS (20)
Planejamento e gestão de indicadores para projetos digitais - Workshop 12th C...TECSI FEA USP
Planejamento e gestão de indicadores para projetos digitais
Objetivos de um projeto digital
•Técnicas de operação de dados
•Metodologia 5W2H
•Caso de uso
Programa de Apoio às Publicações Científicas Periódicas da USP - 12th CONTECSI TECSI FEA USP
O Programa de Apoio às Publicações Científicas Periódicas da USP, vinculado ao Sistema Integrado de Bibliotecas, destina-se a promover políticas institucionais e ações que estimulem o aperfeiçoamento, a preservação e a profissionalização das publicações científicas periódicas, editadas oficialmente por Unidades,
The ladder of Citizens ‘smartness’ Citizens participation in smart cities - 1...TECSI FEA USP
Citizens can engage in trade-offs with powerholders (Partnership), obtain the majority of decision-making seats (Delegated Power), or full managerial power (Citizen Control).the havenots are allowed to hear (In-forming), to have a voice (Consultation) and to ad-vise, but the powerholders retain the right to decide (Placation)
Papel de los vocabularios semánticos en la economía en red - 12th CONTECSI TECSI FEA USP
Papel de los vocabularios semánticos en la economía en red
1º Congresso Internacional em Tecnologia e Organização da Informação
José A. Moreiro-González
Motivation entails the development of a program that automatically performs clustering and outlier detection for a wide variety of numerically represented data.
Sistema Autenticador e Transmissor (SAT): modelo tecnológico de automação e c...TECSI FEA USP
Oferecer um modelo tecnológico de automação e controle de processos em cidades inteligentes, alicerçado em propriedades voltadas a uma aplicação transversal em setores que demandam a geração de dados com estabelecimento de regras e a transmissão segura a sistemas centrais.
Co-production: an opportunity toward better digital governance - 12th CONTECSI TECSI FEA USP
MINISTÉRIO DO PLANEJAMENTO Secretaria de Logística e Tecnologia da Informação Wagner Silva de Araujo Brasília: Co-production: an opportunity toward better digital governance.
Text Mining and Continuous Assurance Kevin Moffitt - 12th CONTECSI 34th WCARSTECSI FEA USP
Continuous Assurance
• Allows for the automated and frequent review of business data
• Current focus is on the structured data
– General ledgers
– Financial statements
– XBRL
• However, we cannot ignore the information found in unstructured data
–Textual data, for example narrative portion of financial disclosures
• Up to 85% of the data in financial disclosures is in the form of text
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
3. Background
• Audit by Exception (Vasarhelyi and Halper, 1991)
• Continuous Auditing literature is rich with studies that propose
statistical and machine learning techniques to identify
exceptions (Dull et al., 2006; Groomer & Murthy, 1989a; Alexander Kogan et al.,
1999; Vasarhelyi & Halper, 1991)
• Problem?
• Result?
35/31/201534th WCARS
Large numbers of Exceptions!
-Information overload!
-Ambiguity
-Information relevance
4. Motivation & Contribution
Motivation:
• Prior continuous auditing research focused on detecting
exceptions efficiently
• We need to develop a classification hierarchy or ranking of
detected exceptions to limit the need for human intervention
Contribution:
• Fill the gap in the continuous auditing literature with regards to
providing the human users with assistance in dealing with
large number of exceptions
• Propose exceptions prioritization methodologies
45/31/201534th WCARS
5. Relevant Literature-Exceptional Exceptions
• Analysis usually yields large amounts of exceptions, causing
information overloads due to sub-optimal business processes
or over-conservative CA/CM system (Alles et al 2006, 2008 ;
Debreceny et al. 2003)
• Human users perform complex aggregation and processing
tasks poorly (Iselin, 1988; Kleinmunitz, 1990)
• Murthy 2012 emphasized the lack of and need for studies
addressing the problem of large numbers of exceptions
55/31/201534th WCARS
7. Motivation, Research Questions, & Findings
Motivation:
• Plenty of studies for exception identification, few address processing
• Majority of expert systems assign the same weight to rules
• HOWEVER: business rules, and accordingly their violations, do not have
the same importance
Research Questions:
1. How can we integrate the judgment of the domain experts (in this case the
auditors) in a rule-based expert system?
2. How can we develop a weighting system for the various rules in that expert
system?
3. How can we use this weighting system to prioritize exceptions?
75/31/201534th WCARS
11. Rule-Based System
• Set of IF-THEN rules
• Popularity stems from simplicity, interpretability, flexibility
• Data: Simulated Order to Cash data
• Originally 33 analytics, narrowed down to 12 by experienced
auditors
• 12 analytics can be categorized as tests for:
– Segregation of duties
– Unauthorized transactions
– Missing documents
– Non-matching documents.
115/31/201534th WCARS
12. Rules Weights Inference
• Business rules and accordingly their violations, do not have
the same significance
• 28 participants with 3 and more years of experience:
– Conduct 17 pairwise comparisons
– Select the transaction they believe to present higher control risk
– Provide justification if their assessment
125/31/201534th WCARS
Customer
Transaction
ID
Custom
er ID
Invoice
Number
Invoice
Date
Created
by
Inventory
Item ID
Invoice
Selling
Price
Invoiced
Amount
Shipment
ID
Shipment
document
Created By
Shipment
document
Approved By
10034 1146
10001203 10/15/1997 1546 63
800
9600 10000877 1002 1546
4110 1000
10000262 3/1/1998 1117 628
600
1800
SOD Missing Values
(Orphaned invoices)
13. Rules Weight Inference-LP
• Special Case Linear Program
– 16 pairs
– Each transaction can violate one and only one
• General Case Linear Program
– 17 pairs
– One transaction violated two rules
135/31/201534th WCARS
14. Exceptions Identification & Prioritization
Identification:
• Apply expert system to the whole population to find all the records
that violate one or more rules
• Remaining records are assumed to be normal, thus presenting
negligible risk
Prioritization:
• Calculate the Suspicion Score for each exception such that:
145/31/201534th WCARS
16. Investigation & Feedback
Investigation:
• Auditors are provided with Prioritized exceptions
• Scope of investigation depends on their time/budget
constraints
Feedback:
• Helps adjusting the rules that make up the expert system.
• Enables us to modify the weights of the rules according to the
audit teams’ findings
– incorporated as a new set of constraints in the general case Model
• Effect of the original experiment will decrease over time with
more feedback from auditors
165/31/201534th WCARS
17. Weights –Special vs. General Models
175/31/201534th WCARS
• Excessive Write offs ranked highest
• SOD in general ranked low
• Rules with direct impact on financial numbers ranked high
• Operational controls ranked low
Analytic Special Case Model General Case Model
Weight Rank Weight Rank
Analytic_1_SOD_Customers 1.00 11 1.00 11
Analytic_2_Unauthorized_Sales_Order 2.86 2 2.71 3
Analytic_3_Unathorized_Price 1.38 9 1.35 9
Analytic_4_SOD_Credit_Adjustment 1.21 10 1.20 10
Analytic_5_Match_Shipping_to_SO 1.79 8 1.72 8
Analytic_6_Match_Invoice_to_Ship 2.33 4 2.22 5
Analytic_7_Missing_Sales_Orders 2.31 5 3.18 1
Analytic_8_Unauthorized_Shipments 2.27 6 2.17 6
Analytic_9_SOD_Ship_Invoice 1.88 7 1.81 7
Analytic_10_Orphaned_Invoices 2.85 3 2.70 4
Analytic_11_SOD_Invoice_Receipt 1.00 12 1.00 12
Analytic_12_Excessive_Write_Offs 3.11 1 2.94 2
Analytic
Special Case Model General Case Model
Weight Rank Weight Rank
Analytic_12_Excessive_Write_Offs 3.11 1 2.94 2
Analytic_2_Unauthorized_Sales_Order 2.86 2 2.71 3
Analytic_10_Orphaned_Invoices 2.85 3 2.7 4
Analytic_6_Match_Invoice_to_Ship 2.33 4 2.22 5
Analytic_7_Missing_Sales_Orders 2.31 5 3.18 1
Analytic_8_Unauthorized_Shipments 2.27 6 2.17 6
Analytic_9_SOD_Ship_Invoice 1.88 7 1.81 7
Analytic_5_Match_Shipping_to_SO 1.79 8 1.72 8
Analytic_3_Unathorized_Price 1.38 9 1.35 9
Analytic_4_SOD_Credit_Adjustment 1.21 10 1.2 10
Analytic_1_SOD_Customers 1 11 1 11
Analytic_11_SOD_Invoice_Receipt 1 12 1 12
19. Takeaway from today
I think the main take away from this presentation is:
A. Continuous auditing sucks, dude!
B. It is better to stick to traditional sample based auditing
C. Number of exceptions is always very low
D. Hussein is awesome!!! (Hint: correct answer)
195/31/201534th WCARS
Too many exceptions!
Information Overload
Research Opp. in EE