Who left the CAATs out – Alternative Uses of Data Analytics Tools Tim Smith, CPA CISA, CISSP March 28, 2013.

Slides:



Advertisements
Similar presentations
Chapter 4 Database Processing. Agenda Purpose of Database Terminology Components of Database System Multi-user Processing Database Design Entity-relationship.
Advertisements

C6 Databases.
GP2013 (R2) New features in GP2013 (R2). New Ribbon for windows Edit List is the Print button on the right without the paper background Action pane can.
4268 Lakefall Court Riverside, CA Toll Free (877)
Lecture-7/ T. Nouf Almujally
RealProperty PLUS IT Professionals Security Implementation and Utilities © 2009 Domin-8 Enterprise Solutions LLC. All rights reserved.
Unemployment Insurance Integrity Conference April 19, 2010 Forensic Techniques And Automated Oversight Brett Baker, PhD, CPA, CISA.
1 1 of 22 Data Analytics Updated: 3/6/ of 22 Agenda Updated: 11/10/2010 About UsAbout Us Define Data AnalyticsDefine Data Analytics Data DiagramData.
By: Mr Hashem Alaidaros MIS 211 Lecture 4 Title: Data Base Management System.
The Islamic University of Gaza
April 28, 2015 Virginia Tech. Data Analytics “Analytics is the combustion engine of business, and it will be necessary for organizations that want to.
Recording / Financing Fixed Asset Acquisition Human Resources Purchasing Revenue Traditional files approach: separate systems Expenditure Cycles Reporting.
Chapter Physical Database Design Methodology Software & Hardware Mapping Logical Design to DBMS Physical Implementation Security Implementation Monitoring.
Database Management: Getting Data Together Chapter 14.
Mgt 240 Lecture MS Excel and Access: Introduction to Databases September 23, 2004.
3-1 Chapter 3 Data and Knowledge Management
McGraw-Hill/Irwin Copyright © 2008, The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin Copyright © 2008 The McGraw-Hill Companies, Inc.
Chapter 11 Data Management Layer Design
Chapter 14 The Second Component: The Database.
Information Technology in Organizations
Database Software Application
Integrate your people maximize your knowledge Tel SalesBase Customer.
Microsoft Access Database software. What is a database? … a database is an organized collection of data. A collection of data of similar information compiled.
DAY 21: MICROSOFT ACCESS – CHAPTER 5 MICROSOFT ACCESS – CHAPTER 6 MICROSOFT ACCESS – CHAPTER 7 Akhila Kondai October 30, 2013.
MS Access Advanced Instructor: Vicki Weidler Assistant:
1 CADE Finance and HR Reports Administrative Staff Leadership Conference Presenter: Mary Jo Kuffner, Assistant Director Administration.
CBS Data Analysis with CATT Tool – IDEA
Ihr Logo Data Explorer - A data profiling tool. Your Logo Agenda  Introduction  Existing System  Limitations of Existing System  Proposed Solution.
Copyright © 2003 by Prentice Hall Module 4 Database Management Systems 1.What is a database? Data hierarchy and data organization Field, record, file,
Copyright © 2003 by Prentice Hall Computers: Tools for an Information Age Chapter 13 Database Management Systems: Getting Data Together.
Concepts of Database Management, Fifth Edition Chapter 1: Introduction to Database Management.
ACL: Introduction & Tutorial
ITOM 2308 Introduction to Databases Review Access Database Corporate Case Study ITOM 2308 Class 81.
Objectives Overview Define the term, database, and explain how a database interacts with data and information Define the term, data integrity, and describe.
Chapter 6: Foundations of Business Intelligence - Databases and Information Management Dr. Andrew P. Ciganek, Ph.D.
State of Kansas INF50 Excel Voucher Upload Statewide Management, Accounting and Reporting Tool The following Desk Aid instructs users on overall functionality.
Miscellaneous Excel Combining Excel and Access. – Importing, exporting and linking Parsing and manipulating data. 1.
CIS 103 — Applied Computer Technology Last Edited: September 17, 2010 by C.Herbert Using Database Management Systems.
Fluency with Information Technology INFO100 and CSE100 Katherine Deibel Katherine Deibel, Fluency in Information Technology1.
Lecturer: Gareth Jones. How does a relational database organise data? What are the principles of a database management system? What are the principal.
ACL Duplicate Invoices Detection Overview Using ACL to detect and report Duplicate Invoices within and between a Rail Entity’s Ariba procurement, Ellipse.
Chapter 5 Database Processing. Neil uses software to query a database, but it has about 25 standard queries that don’t give him all he needs. He imports.
Database Design and Management CPTG /23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,
C6 Databases. 2 Traditional file environment Data Redundancy and Inconsistency: –Data redundancy: The presence of duplicate data in multiple data files.
5-1 McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved.
5 - 1 Copyright © 2006, The McGraw-Hill Companies, Inc. All rights reserved.
6.1 © 2010 by Prentice Hall 6 Chapter Foundations of Business Intelligence: Databases and Information Management.
1 Technology in Action Chapter 11 Behind the Scenes: Databases and Information Systems Copyright © 2010 Pearson Education, Inc. Publishing as Prentice.
Chapter 9 Database Systems © 2007 Pearson Addison-Wesley. All rights reserved.
Advanced Accounting Information Systems Day 10 answers Organizing and Manipulating Data September 16, 2009.
0 / Database Management. 1 / Identify file maintenance techniques Discuss the terms character, field, record, and table Describe characteristics.
Introduction to KE EMu Unit objectives: Introduction to Windows Use the keyboard and mouse Use the desktop Open, move and resize a.
Microsoft Office 2013 Try It! Chapter 4 Storing Data in Access.
Chapter 8-1 Chapter 8 Accounting Information Systems Information Technology Auditing Dr. Hisham madi.
Introduction to Core Database Concepts Getting started with Databases and Structure Query Language (SQL)
MICROSOFT ACCESS – CHAPTER 5 MICROSOFT ACCESS – CHAPTER 6 MICROSOFT ACCESS – CHAPTER 7 Sravanthi Lakkimsety Mar 14,2016.
Database (Microsoft Access). Database A database is an organized collection of related data about a specific topic or purpose. Examples of databases include:
Data Resource Management Data Concepts Database Management Types of Databases Chapter 5 McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies,
Dynamics GP – You Own It … Why Not Use It? Financial November 8, 2016
Pengantar Sistem Informasi
Practical Office 2007 Chapter 10
Framework for a Forensic Audit and Investigative Capability
GO! with Microsoft Access 2016
Created by Kamila zhakupova
MS Dynamics NAV Intro 1 J.Skorkovský Department of Corporate Economy
Accounting System Design
Collaborative Business Solutions
Accounting System Design
INTRODUCTION A Database system is basically a computer based record keeping system. The collection of data, usually referred to as the database, contains.
Professional Services Tools Library (PSTL)
Presentation transcript:

Who left the CAATs out – Alternative Uses of Data Analytics Tools Tim Smith, CPA CISA, CISSP March 28, 2013

The Corporate Caveats The concepts presented are my own and do not represent LPL Financial or LPL Financial Internal Audit. 2

What we are going to cover CAATs revisited How can they be used in new ways Why auditors need to learn to use them What tools exist CAATs Close-up Looking at security with CAATs Some IDEA functions for new tricks Some IDEA / CAATs success stories 3

A few things to use CAATs for Validating data entry dates / times / users to identify postings or data entry times that are inappropriate or suspicious. Classification to find patterns and associations among groups of data elements. Gap testing to identify missing numbers in sequential data. Joining different data sources to identify inappropriately matching values such as names, addresses, and account numbers in disparate systems. 4

5 What are you trying to test? Controls Metadata Reports Data Transaction Details Reports Data Reports Off-the-shelf Custom / ad-hoc Before you ask IT – ask yourself

6 Metadata in an accounting system Non-financial fields discussing the Who What When How About the fields in the records comprising financial information Together, these data can provide a diagnostic view of the accounting system

What might we need to look at Retroactively Transaction data – especially between systems Transaction metadata Module or journal entries Logs Prospectively System access Program change management 7

Working with system access information Larger software vendors are targeting the small to medium enterprise space – SAP, Oracle, Microsoft. As a result, many businesses have access listings containing thousands of lines System access information can be complex – very granular, with difficult formats Data may cover multiple menu layers and multiple modules within an application Therefore, it is vital to gain a understanding of basic access information structure and what you want to test before starting 8

A few systems with complex security reports Oracle Financials SAP (SmartExporter) Microsoft Dynamics – Great Plains Sage MAS 500 ADP Enterprise HR (EV5)-- Formerly PeopleSoft HRMS 9

MS Great Plains v10 security model – four levels Security Operations refers to access to all windows, tables, reports and miscellaneous permissions A Security Task is a set of Security Operations required to perform a specific task A Security Role combines multiple Security Tasks required to perform a specific role Each User and Company combination can have multiple Security Roles assigned to it 10

Complex Access From a higher level – viewed From the role 11

Unexpected functions within the roles 12

What are the tools? Excel – row limitation (was 65K lines, now 1m or so); data easily changeable Access – data also easily changed; might also hit a size limitation (1GB for pre 2003; 2-3 GB now) SQL Server – again, data changeability; probable need for programming knowledge (SQL) Specific CAATs software packages ACL – Audit Command Language IDEA – Interactive Data Extraction and Analysis 13

Key functionalities of IDEA Profiling the data Extractions Gaps and Duplicates Adding a new field Smart Analyzer (an Add-on module) Joining Databases 14

CAATs success stories 1 GAO report Significant internal control weaknesses in Education’s payment processes and poor physical control over its computer assets made the department vulnerable to and in some cases resulted in fraud, improper payments, and lost assets. 15

CAATs success stories 2 Assisted a Federal agency evaluate problems with its accounting system, taking it from a disclaimer in year 1 to a qualified balance sheet in year 2 to a clean opinion in year 3. 16

MS GreatPlains 17

IIA 10/10/201218

19 RACF security – User Attributes

iSeries – Display Object 20

Report Reader Can be used with formatted text files Can be used with non-picture PDF files Create a template that can be used for future files of similar construction Crucial for work with non-columnar reports or reports with header / trailer information to be ignored 21

Smart Analyzer – built in tests Tests Looking at the Metadata Journal Entries Posted on Weekends Journal Entries Posted on Specific Dates and Times Journal Entries by User Journal Entries with Specific Comments 22

Joining databases - concepts Lagos 1002 Cairo 1003 New York 1004 Paris 1005 Berlin 1006 Sydney 1007 Toronto 1008 Durban 1009 London 1004 France 1004 China 1006 Australia 1007 Canada 1008 South Africa 1009 UK 1010 Brazil 1011 Austria 1012 Peru PrimarySecondary All records from Primary note that ‘1004 China’ will not be included No matches in Secondary Note that ‘1005 Berlin’ also will be included and no empty columns from secondary database will be included Matches Only note that ‘1005 Berlin’ and ‘1004 China’ will be excluded No matches in Primary Note that ‘1004 China’ will NOT be included and empty record from primary will be add to these 2 columns All records in both files All records from secondary is not included -> select secondary file as primary file

Joining databases - results 24 All records from both files 1001Lagos0 1002Cairo0 1003New York0 1004Paris1004France 01004China 1005Berlin0 1006Sydney1006Australia 1007Toronto1007Canada 1008Durban1008 South Africa 1009London1009UK 01010Brazil 01011Austria Peru All records from Primary 1001Lagos0 1002Cairo0 1003New York0 1004Paris1004France 1005Berlin0 1006Sydney1006Australia 1007Toronto1007Canada 1008Durban1008 South Africa 1009London1009UK Matches Only 1004Paris1004France 1006Sydney1006Australia 1007Toronto1007Canada 1008Durban1008 South Africa 1009London1009UK No Secondary 1001Lagos 1002Cairo 1003New York 1005Berlin No Primary Brazil 01011Austria Peru

CAATs Success Stories 3 Determined the extent of data changed by an A/R manager modified data to awards for efficient A/R management Discovered numerous instances of cash awards where the same person proposed, approved, and received. 25

MAYHEM…..and CAATs The authors describe manipulating a major financial accounting systems used by corporations large and small (Great Plains) to show the importance of good information security and accounting controls. They identify information security and accounting controls needed to detect these types of attacks. ovation/Pages/Tools.aspx ovation/Pages/Tools.aspx In this time of reduced resources….don’t leave the CAATs out. 26

27 Questions or Comments ? 27

Contact Information Tim Smith

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.