2 Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with written approval from Gartner. Such approvals must be requested via e-mail: vendor.relations@gartner.com. Gartner is a registered trademark of Gartner, Inc. or its affiliates.
Continuous Controls Monitoring for ERP and Financial Systems
French Caldwell

3 Manual vs. Automated Controls
Manual Controls:
-Mostly detective
-Invasive, with little direct business benefit
-Focus on what's visible
Automated Controls:
-Mostly preventive
-Continuous, with direct performance benefits
-Often inherent in the system

4 Key Issues 1. What are the drivers for automating financial controls? 2. What does CCM do, and who are the vendors? 3. What are the best practices for implementation?

5 Key Issues 1. What are the drivers for automating financial controls? 2. What does CCM do, and who are the vendors? 3. What are the best practices for implementation?

6 GRC Solutions Comparison Model
[Diagram. Labels, in extracted order: IT; Finance; Operations; Controls; Legal; Management; IT GRCM; EH&S; IT Controls; Operations Controls; Vendors; Enterprise GRC Platform; Operational Risk Mgt; Corporate Governance; Legal Controls; Finance Controls; Risk Management; Governance]

7 CCM Drivers: Continuous Audit and Continuous Monitoring
Internal Audit — Do the audit:
-Work paper management
-Task scheduling and management
-Remediation tracking
-Complex analysis
CFO — Reduce the cost and impact of the audit:
-Responding to auditors
-Remediate deficiencies
-Reporting
-Reduce impact of audit on other business priorities

8 Regulations Are Encouraging Automation
Two Priorities:
-Skyrocketing Audit Costs
-Management's Antifraud Controls

9 And There Are Business Performance Drivers, Too
-Reduce fraud and other transaction cash leaks
-Improve availability of working capital

10 Key Issues 1. What are the drivers for automating financial controls? 2. What does CCM do, and who are the vendors? 3. What are the best practices for implementation?

11 Continuous Controls Monitoring Applied to…
[Diagram. Labels, in extracted order: Master Data; Data Accuracy and Permissions; Audit Trail; Application Configuration; Presence and Config. of Controls; Transactions; Working Capital; Financial Governance; Segregation of Duties; Antifraud; PII]

12 Accounts Payable Example of CCM
[Diagram. Labels, in extracted order: Vendor; P.O.; Receipt; Invoice; Payment; AP Process; Duplicate Payments; Duplicate Vendor Records; Duplicate Invoices; Payment Terms; Three-Way Match; Requisition; Segregation-of-Duties Conflict; Alert If Settings Changed]
Legend: CCM-Master Data; CCM-App Config; CCM-SoD; CCM-Transactions

13 Continuous Controls Monitoring (CCM) Vendors
Table columns: Vendor; Segregation of Duties; Transactional Controls Monitoring
Vendors:
-ACL Services
-Approva
-BWise
-Greenlight Technologies
-Infogix
-Oracle
-Oversight Systems
-Runbook Company International
-SAP
-Security Weaver
-SymSure

14 Key Issues 1. What are the drivers for automating financial controls? 2. What does CCM do, and who are the vendors? 3. What are the best practices for implementation?

15 Value on Investment (VOI) for CCM
[Diagram. Labels, in extracted order: Improve Important Business Processes; Management Value; Lower Audit Costs; Improve Antifraud and Other Controls; Audit Value; Performance; Risk Management; Compliance; External Auditor Trust in Internal Audit Work; Reduce Manual Sampling; ID and Correct Problems Before Performance Impact; Value; Strategic Business Initiatives; Cross-Enterprise Initiatives Like ERM or Multiregulatory Compliance; Response to Individual Mandates]

16 Identify Key Controls
"Control objectives that overlap reasonably anticipated risks indicate key controls that should have higher priority"
[Diagram. Labels, in extracted order: CO; Standard of Due Care; RAR; Governance; Risk Assessment; Control Objectives; Reasonably Anticipated Risks; Key Controls]

17 CCM-T Selection Guidelines
-ERP Compatibility – Compatible "out of the box"?
-Controls Library Coverage – Controls for your risks?
-Business Rules and Analytics – Ability to model, simulate and build own controls? False positives?
-Remediation Workflow – Automated detection and remediation processes?
-Cross-Platform and Multiplatform Application Support – Integration in heterogeneous environment?
-Integration with EGRC Platform – How easily does it integrate with your EGRC platform?
-Continuous Audit Support – Does your external auditor use the vendor for audit analytics?
-CCM vs. BAM – Is customization so great you would be just as well off using a BAM vendor?

18 CCM Implementation Guidance
The problem is 80/20 Business/IT:
-The solution is 50/50
Find money fast:
-Duplicate payments; payment cards
Extraction schedule:
-Quarterly for audit
-Daily for continuous monitoring
Resolution workflow:
-Problems found later in the process are more expensive
-Repeatable, predictable, consistent process for the resolution of exceptions.
Tuning:
-Don't implement everything out of the box.
-Develop custom analytics for your organization.
-Choose integrity checks that are meaningful to the business.

19 Recommendations
Align the needs of internal auditors and financial managers.
-Reducing audit time and resources
-Bringing more value of audit to the business
-Stopping cash leaks and improving working capital
Consider CCM if:
-Lowering compliance and audit costs while improving access and antifraud controls
-Improving assurance of ERP control configurations
-Improving financial governance and control reliability
-Improving operational performance, including the working capital, through enforcement of business rules
Take a risk-based approach to implementation:
-Determine business value
-Scope to key controls
-Evaluate vendor capabilities
-Close the loop with your internal and external auditors

