Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Integrating Data & Analytics within Internal Audit April 2016 Restrictions on Disclosure and Use Restriction on Disclosure and Use of Data – This document contains confidential or proprietary information of KPMG LLP, the disclosure of which would provide a competitive advantage to others; therefore, the recipient shall not disclose, use, or duplicate this document, in whole or in part, for any purpose other than recipient’s consideration. © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 1 With You Today ■ Alex Menor, Senior Specialist, Data Analytics-enabled Internal Audit (National) © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 2 Agenda 1 Importance of Data & Analytics 2 Current Trends 3 KPMG’s Point of View Data & Analytics-enabled Internal Audit (DAeIA) Process Analytics-based Internal Audit Maturity Model Transformation Roadmap 4 Getting Started Prioritizing Your Audit Plan Analytics Development Process 5 Examples Example Case Studies © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 3 Importance of Data & Analytics Importance of Data Analytics All firms have raw data; however, companies that process raw data into knowledge create a valuable organizational asset A n a l y t i c s Knowledge Information Raw Data © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 5 Why use Data & Analytics in Internal Audit? ■ Continued pressure to “do more with less” ■ Expectations to provide enhanced value ■ Desire to improve the effectiveness and efficiency of the audit department through repeatable and sustainable methods © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 6 Current Trends KPMG observations Current Trends ■ Development of an Internal Audit Strategy and Roadmap for D&A – Link to enterprise initiatives – Partnering with the business, compliance, IT functions, develop joint business case ■ Drive more value to the broader enterprise ■ Leverage others’ resources, capabilities, tools, etc. ■ Enhancing risk assessment activities with quantitative information (CRA) ■ Building “repeatable and sustainable” ETL (Extract, Transform, Load process) and analysis for meaningful reporting; not long lists of anomalies. ■ Trend toward leveraging BI and Visualization tools © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 8 KPMG’s Point of View Data & Analytics-enabled Internal Audit Process Business Monitoring Enhanced Dynamic Reporting Data & Analytics Audit Execution Analytics-Driven Continuous Risk Assessment Data & Analytics-enabled Internal Audit Dynamic Audit Plan Operationalize into repeatable and sustainable analytics D&A Audit Scoping and Planning © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 D&A enabled Audit Workplan 10 Analytics-based Internal Audit Maturity Model Maturity Level I IA Methodology Traditional Auditing Maturity Level II Ad Hoc Integrated Analytics Maturity Level III Continuous Risk Assessment & Continuous Auditing Maturity Level IV Integrated Continuous Auditing & Continuous Monitoring Maturity Level V Continuous Assurance of Enterprise Risk Management Strategic Analysis Enterprise Risk Assessment IA Plan Development Execution and Reporting Continuous Improvement Data analytics are generally not used Data analytics are partially used but are sub-optimized © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 Data analytics are effectively and consistently used (optimized) 11 Data Analytics-enabled Internal Auditing Transformation Roadmap Phase I: Develop Strategic Plan • • • • • • Understand internal audit management’s goals, ambitions, and vision for data and analytics Share Point of View and Market Drivers, which may include facilitating a Internal Audit team/department awareness training session and/or sharing thought leadership Prepare and conduct Internal Audit team strategy/roadmap visioning workshop(s) Perform current state assessment across people, process, technology and information dimensions within internal audit and across the organization, if appropriate Identify and understand relevant current organizational initiatives Identify the systems and relevant data required for a pilot Phase III: Radiate Across Audit Department and Universe Phase II: Pilot Execution Planning / Scoping • Understand the audit objective(s) • Determine what analytics are relevant in achieving the audit objective(s) • Data management and analytics • Design the analytics-enabled audit program • Identify relevant IT systems and determine availability and quality of data • Acquire and assess data quality Execution • • • Refine (confirm the logic) and develop analytics • Run analytics and perform initial validation of results to identify data and/or logic flaws; modify and re-run analytics as necessary • Confirm the results of the analytics support achieving the audit objective(s) Reporting • Interpret results © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 Provide recommendations to update the audit approach to include an analytics approach for: − Modifying (where necessary) and radiating analytics across all relevant business processes and audit areas and across organization units − Transitioning, where appropriate, to continuous auditing Assist with Change Management within IA − Identify key IA resources that will drive change throughout the department − Identify major risks and/or barriers to implementing data & analytics then track the success of mitigation strategies − Design and deliver trainings focused at the different levels of involvement (awareness, planning, execution, interpretation, reporting, etc.) Phase IV: Continuous Program Evaluation • • • • • Regularly evaluate program for effectiveness and refine, as necessary Consider additional areas for expansion and maturity within the internal audit and compliance functions, including quantitativeenhanced continuous risk assessment Evaluate opportunities to extend into the business, including continuous monitoring Include the use of data & analytics in the employee goal-setting and review process Continuously evaluate the current and future maturity of the use of data & analytics 12 Prioritizing your Audit Plan & Analytics Development Process Prioritizing Your Audit Plan for Use of Data & Analytics Availability: Is data available for the audited process? No Yes Comprehension: Do your resources have the business knowledge available to understand the source data? Not a likely candidate E.g., audit of a manually performed control No Not a likely candidate E.g., audit of a complex process without front end support of process owner or IT Yes Data Quality: Is the data being captured consistent in nature and complete No E.g., exploratory audit or profile of a process Yes Risk: Does the audited process/area represent a high concentration of risk? Complexity: Is the data being obtained from 3 sources or less? Is the time required to obtain and validate the data low? Yes Top Priority E.g., OTC or P2P audit No Yes No Repeatability: Will the audit be performed multiple times using a similar data source (e.g. same ERP or quarterly audit)? © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 Possible Candidate Top Priority E.g., T&E audit Yes Top Priority E.g., P-Card audit No Possible Candidate 14 Sample Audit Plan CRA Prioritization Candidate for DAeIA Audit Area Procurement & Payables Balance Sheet Review Cash Controls Payroll FCPA IP Protection Description -Vendor analysis -Vendor setup -PO -Invoice -Payment -3-way Match -P-Card -Travel and Entertainment Journal entry analysis Stale account postings Unusual account pairings Contra-account activity Determine whether cash controls and bank reconciliations are performed in ERP or performed manually. Determine if Payroll is performed internally in ERP or using a provider such as ADP Include FCPA as part of other audits such as procurement or revenue cycle Analytics Type Frequency Risk Complexity (High, Medium, Low) CRA Scoping/ Profiling Detailed Testing Repeatable/ Periodic Risk Coverage Process System Data Availability, Comprehension & Quality 9 Y Y Y Y High Medium Low TBD TBD 14 N Y Y Y Medium Low Low TBD TBD 14 N/A N/A N/A N Medium Low High TBD TBD 13 N Y Y N Medium High TBD TBD TBD 13 N Y Y Y High High Low TBD * N Y Y N Medium Medium High TBD * Y Y Y N Low Medium High TBD Y Y Y Y Medium Medium High TBD Y* TBD* TBD* Y High Medium Low TBD Hours Timing TBD Yes Likely TBD 13 NA Compliance with Customers' TBD 4 Requirements NA Inventory TBD 9 Management Inventory obsolescence -Customer analysis -Customer setup Revenue & -Sales orders TBD 3 Receivables -Shipments/Cutoff * TBD based on determination of availability and quality of data -Credit and Collections No / TBD * © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 15 Data Analytics enabled Internal Audit (DAeIA) Planning Scoping Fieldwork Define Audit Objectives Acquire data (see detailed ETL process) Business Understanding Analytics scoping Reporting ETL (if necessary) Results Validate/ Refine DAeIA work program Dynamic Reporting Develop Refine Draft DAeIA work program Interpret results Acquire additional data, if necessary (see detailed ETL process) Execute Perform Analytics Validate Perform audit work steps and analyze results (individually and aggregated) CRA Continuous Improvement Operationalize into repeatable and sustainable analytics APG Builder Tools Exception Manager © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 16 Example Case Studies Spend Analysis Assessing Buying Channels for Compliance and Optimization A financial services company made the decision to encourage more spend using P-Cards to reduce the number of invoices processed by AP. However, transitioning spend to P-Card without proper monitoring processes can cause inappropriate spend due to the lack of a formalized buying process. An analysis was performed to assess the overall effectiveness of the transition to P-Card as well as identify Transactions Expense Reports Cardholders Merchants Total Spend 42k 6k 355 12k $47 M Analysis Included: • P-Card Transactions including • Potential performance improvement opportunities • Transactions indicative of fraud, waste, and abuse • Non-compliance with the established policies and procedures. • Assessment of existing process against Leading Practices • AP Spend © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 Key Observations: • P-Card Spend as a percentage of total spend was substantially lower than the benchmark for the industry (2.35% vs 8%) • $225K in Gift Card purchases were not included in employee income • $35K in duplicate payments made simultaneously through AP and P-Card 18 Retail Competitive Pricing Analytics Turning Risk into Competitive Advantage A leading discount shoe retailer offers over 8,000 different styles of shoes via its physical and online stores. A key management objective is to meet or beat competitors’ pricing – but monitoring their progress against that objective was difficult. Through the use of data & analytics, these challenges were overcome to provide a complete picture of the retailer’s pricing positions on a monthly basis. Shoe Styles Products Competitors Low Cost Retailer 8k 50K 6 56% Analysis Included: • Unstructured Data from 6 Websites • Natural Language Processing including Fuzzy Matching • Configurable scoring algorithm • Match results that included product images to allow for human review © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 Key Observations: • 3 of 6 Competitors had better pricing on more than 50% of products • 44% of all products did not have the lowest price among competitors • A portion of products advertised as good deals were still priced higher than competitors 19 Questions? © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 20 Thank You All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates. © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 383559 The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.