Practical Issues of Implementing Continuous Assurance Systems Presented by John Verver CA, CISA, CMC to the 5th Continuous Assurance Symposium November.


1 Practical Issues of Implementing Continuous Assurance Systems
Presented by John Verver CA, CISA, CMC to the 5th Continuous Assurance Symposium, November 22-23, 2002

2 Implementing Continuous Assurance Systems
- Status of use of continuous assurance implementations.
- What is meant by “continuous”?
- The practical issues of integrating continuous auditing/monitoring procedures to the data and the underlying application.
- Defining the control parameters to be tested.
- Setting the thresholds for reporting and priorities for notifications.
- Software functionality required to support continuous monitoring.

3 Continuous Assurance Systems
Status of continuous assurance implementations within the ACL user base:
- ACL user base includes over 150,000 licensed users:
  - The Final 4
  - 89 of the Fortune 100
  - 44% of the Global 500
  - 30+ national governments and virtually all US state governments
- Very few organizations have fully embedded and automated continuous auditing/monitoring applications
- Most “Continuous Monitoring applications” are simply series of automated data analysis tests that are run on a regular basis and are manually initiated, not true continuous applications, e.g.:
  - Detecting indicators of fraud
  - Identifying duplicate and other overpayments

4 “Continuous” Assurance Applications:
- Automated analyses that test transactional data against defined control parameters/rules
- Generally independent of the underlying business application system
- Run automatically on a daily / weekly basis (occasionally more frequently)
- Automatically generate exception reports / alerts
- Detective more than preventative

5 Most common application areas among ACL user base:
- General business process:
  - Purchase / Payments cycle
  - Vendor fraud
  - Expense claims
- Industry-specific:
  - Money laundering, anti-terrorist legislation
  - Insurance claims
  - Medicare/Medicaid compliance

6 Continuous Monitoring Application
[Diagram: Payments system; Continuous Monitoring system (independent, comprehensive series of control tests)]

7 Why are they needed?
- Confirmation that controls built into application systems are operating effectively
- Make up for lack of controls in application systems

8 Getting to the data:
- Direct access vs extract
  - Direct access to mainframe / server data usually preferable
  - Data extract may be preferable to minimise processing impact
- Define the “data slice”
  - Decide on the point at which to take the slice (Time-based? Process-based? Depends on the underlying application system and the timing of the CA process)
  - Ensure that all transactions are captured since the last test process

9 Money-laundering application
[Diagram labels:]
- DDA Files (DB/2)
- Customer names, Account Master
- Daily Account History
- ACL for OS/390 Client Server
- ACL for Windows Client
- Control parameters defined within ACL “rules-engine”
- Adjust alert sensitivity
- File of suspect transactions
- Additional analysis by ACL of suspect transactions
- Reports and alerts, distributed by e-mail
- Lower priority reports
- High priority alerts
- Processing log
- ACL daily extract / monitoring process launched by JCL and Windows Schedulers

10 Establishing the control parameters:
- Identify specific control exposures
- Identify indicators of risk
- Use transactional analysis to determine if conditions exist for which no controls were designed or no risks identified
- Define specific control parameters / tests
- Establish sensitivity thresholds for reporting and alerts
  - “Scoring/weighting” of events dependent upon the combination of control parameters that are failed and indicators of risk
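
An added illustration of the “data slice” (slide 8) and the scoring/weighting of failed control parameters (slide 10); it is not code from the presentation or from ACL. The payment records, field names, control tests, weights and thresholds are all constructed assumptions.

```python
# Constructed sample payments; all names, weights and thresholds are assumptions.
PAYMENTS = [
    {"id": 1, "vendor": "V100", "invoice": "INV-7", "amount": 4200.0, "posted": "2002-11-18T09:00"},
    {"id": 2, "vendor": "V100", "invoice": "INV-7", "amount": 4200.0, "posted": "2002-11-19T10:30"},
    {"id": 3, "vendor": "V200", "invoice": "INV-9", "amount": 9950.0, "posted": "2002-11-19T11:00"},
    {"id": 4, "vendor": "V999", "invoice": "INV-1", "amount": 15000.0, "posted": "2002-11-19T12:00"},
    {"id": 5, "vendor": "V300", "invoice": "INV-3", "amount": 120.0, "posted": "2002-11-19T13:00"},
]
APPROVED_VENDORS = {"V100", "V200", "V300"}
APPROVAL_LIMIT = 10000.0  # hypothetical control parameter
WEIGHTS = {"duplicate": 50, "unapproved_vendor": 40, "over_limit": 40, "near_limit": 20}
ALERT_AT, REPORT_AT = 60, 20  # sensitivity thresholds for alerts and reports


def run_cycle(payments, high_water_mark):
    """Test payments posted after high_water_mark; return (findings, new mark)."""
    history = set()  # keys of every payment seen so far, including earlier slices
    findings = []
    new_mark = high_water_mark
    for p in sorted(payments, key=lambda p: p["posted"]):
        key = (p["vendor"], p["invoice"], p["amount"])
        if p["posted"] > high_water_mark:  # the data slice: untested items only
            failed = []
            if key in history:  # duplicates are matched across slice boundaries
                failed.append("duplicate")
            if p["vendor"] not in APPROVED_VENDORS:
                failed.append("unapproved_vendor")
            if p["amount"] > APPROVAL_LIMIT:
                failed.append("over_limit")
            elif p["amount"] >= 0.95 * APPROVAL_LIMIT:
                failed.append("near_limit")
            score = sum(WEIGHTS[f] for f in failed)  # combination drives priority
            if score >= ALERT_AT:
                findings.append((p["id"], "ALERT", score, failed))
            elif score >= REPORT_AT:
                findings.append((p["id"], "REPORT", score, failed))
            new_mark = max(new_mark, p["posted"])
        history.add(key)
    return findings, new_mark


if __name__ == "__main__":
    findings, mark = run_cycle(PAYMENTS, "2002-11-18T23:59")
    for finding in findings:
        print(finding)
    print("next slice starts after", mark)
```

Persisting the returned mark between runs is what keeps a cycle from skipping or re-testing transactions; a single failed test lands in the lower-priority report, while a combination of failures crosses the alert threshold.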

11 ACL functionality that supports Continuous Assurance applications:
- Analytical and inquiry processes that support audit and control procedures
- Direct data access, e.g.:
  - ACL OS/390 Client Server
  - Direct Link for SAP R/3
  - ODBC-compliant databases
- NOTIFY: e-mail notification of reports and alerts
- Complete logging of processes
- Definition of control parameters (“rules-engine”)
- Development of interactive and automated applications

12 Example of interface for tuning monitoring parameters Note: This amount can be modified from the parameters menu.

13 Example of interface for tuning monitoring parameters

14 Example of ACL Notify command

