ISACA NY- Data Analytics March 28 2013

ISACA NY- Data Analytics

March 28 2013

Michael P. Cangemi CPA Former CFO, CEO & ISACA Journal Editor

Senior Fellow Rutgers CA Lab

Senior Advisor CA-CM software companies

A Focus on CM and Analytics

ISACA Journal Editor-in-Chief 1987-2007

Rutgers CA Lab- Ad Board; SR Fellow

Approva - Advisory Board

Oversight Systems – Senior Advisor

CaseWare - Senior Advisor

Gartner BI & Analytics Conference 3-2013

My themes – expansion of CA and

analytics and CM in business

Clarification of Related Terminology

Continuous Auditing CA

Continuous Monitoring CM, CCM-T

Big Data and Data Analytics

NOTE: Yes all can be Manual but

Automation is revolutionary

Continuous Audit

Implemented by independent auditors

Use of automation for greater coverage

lower cost! automate low value tasks,...

better, faster, cheaper

Use software independently – as well as,

modules in existing software

Emerging fields of Continuous Analytics

and Enterprise GRC

2010 EDPACS – IA’S Role in CM

selected as #16 best article in last decade

Themes: CM invented by auditors

Continuous Monitoring (CM) is a business

operational issue swirling around in the

auditing and accounting professions

Recommendations to audit:

1. CA is very valuable expand your usage

2. Recommend CM to the business

Continuous Monitoring

Implemented and managed by the business

Used to improve business operations & controls,

management of the business and to drive

bottom line impact

embed CM controls, CCM- Transactions and beyond

Improve controls but also improve data quality,

customer experience, sales, reduce costs, improve

margins, prevent fraud, recover dupe payments and

lost revenue; review J/Es; improve gross profit

Case: CM in IT Security

IT security monitoring – ie: for viruses; network

attacks: is this for internal control or business

process improvement (BPO)?

Consider; -used by management, sometimes as

part of the system on IC, or it can also be

used as part of BPO, which most times have

IC improvement aspects.

Monitoring is everywhere

Federal Express created New Standard

Lost cell

Phone – letter

To NY Times

FERF 2011 research:

The Benefits of Continuous Monitoring

C-Level focus – for CFOs

Started with a Literature Search

11 company interviews: IBM, UTC, Intel,

JC Penney, Microsoft, Wells Fargo, HP...

KEY FINDING: Leading

companies recognize the

importance of and use CA&CM

Case: CM – for FCPA

DOJ looking for systems approach=CM

Morgan Stanley – MD conspired with

Chinese public official

Morgan Stanley exonerated

SEC & DOJ praised them for having a

solid compliance program in place using

CM

BIG DATA and Analytics

Advancing automation : Digital processing and storage

Everyone has lots of Data

Then the internet and social media Wow – there is a whole lot more data

Buzz word – BIG Data Natural evolution: Headlines – what are you doing

with your BIG DATA

Action with = BI & Analytics

Evolution continues

Where does CA and CM fit in the world of

technology and business ????

CA – 85% of large audit functions have tools, but

very limited usage

CM – considered part of the emerging Enterprise

GRC and Continuous transactions monitoring;

future prep for BI

Gartner Research

Magic Quadrant Enterprise GRC

Platforms Oct 2012

Only one CM vendor mentioned Oversight

Systems as SAP GRC partner

Transaction Controls Monitoring

November 2012

TCM to lower compliance and audit costs

CaseWare; ACL; Oversight Systems; Infor –

Approva …

Gartner new EGRC MQ

Did not list CA or CM vendors

Will they add a CA-CM magic Q or fold

this software in ??????

Are we beginning a new phase

CM in E-GRC? in BPI? In BI as continuous

analytics?

CA tools expansion and integration with CM

The BI and Analytics Industry

Per Gartner Magic Quadrants

Data mining 1.9 B, growing 9 %.

Data quality 1.5 B, growing 15%.

Data warehouse Part of DBMs 20B

Bus Intelligence and Analytics. 5 B

Corp performance ( &Finance)

management 2.6 B

World Class Audit –Next Steps

Former CAE: What makes a world class

audit organization?

Good people (an organization)

Following well thought out procedures

Focused on significant issues and positive

deliverables to the business

Book- Managing the Audit Function

Management, IT, Financial Governance 17 Cangemi Company, LLC

Suggestion for Audit –IT Audit

1. IA - greater coverage lower cost!

automate low value tasks,... better,

faster, cheaper 1. Continuous Audit & Monitoring

2. Analytics and automated GRC

2. Drive bottom line impact.... "advise the

business, embed CM controls in operations”

1. - Reduce costs, improve margins, prevent fraud,

recover dupe payments and lost revenue; review

J/Es etc.

IT Audit: FERF Research and IA

Many good examples of IA leading the

way with CM recommendations (page 13)

Independence issues are addressed at

AEP, HP, IBM and JCP

CM can change the scope of internal and

external audits

IBM uses bi-directional design with CM

process leading to Enhanced Audit (EA)

Barriers: FERF Research: Benefits of CM

CM programs require a focus and

commitment of resources;

Some focus on ROI

Others focus on operational effectiveness

and risk reduction- (Intel Quote; Dow SAP)

CA-CM programs need a champion

IA Evangelists – they get CA and CM

Emerging Compliance Departments & CofE

New Frontiers March Madness

Coaches Gobble UP Analytics USA Today

Synergy Sports Technology – interactive

video box scores – all 30 NBA teams

Click on a number and see video of the play

Mercedes Benz M-Class SUV

ATTENTION ASSIST system continuously

monitors over 70 different…

TV Drama – A Person of Interest – Monitors

Data and surveillance cameras

The Future and your role

Automation has been a driving force, my

entire career

Advice

step away – a portion of time for new

initiatives

be creative – take the risks of change

Show your leadership

Enjoy the rewards!!!!

Barriers to automation

The old audit model will end

Technology and real time data will force

a change

SEC Robo-COP

Real time multi company audit –Coney

Begin your expanded CA and expanded

analytics today – with ISACA NY

Metropolitan Chapter

Discussions

Management, IT, Financial Governance 25 Cangemi Company, LLC

Cangemi Company LLC

Business Advisory and Media Services

Boards; Audit Committees; Internal Audit Mgt.;

GRC:IT Governance-Continuous Monitoring &

Analytics; Strategic Planning and Business Growth

Media –Keynotes; business forums

Book -Managing the Audit Function;

available at Amazon, Wiley

[email protected] www.canco.us

Management, IT, Financial Governance 26 Cangemi Company, LLC

CA-CM is a Process

CM is a process & foundation technology

Process - it can be manual;

Technology -can use existing software tools

Like Excel – once you have it – you will

expand the usage

FEI Research -Best Practices

Continuous Audit – 100% audit

P to P (UTC);

Order to Cash (IBM)

A/P; T&E; Payroll (MSFT- JCPenny)

Health Insurance Claims (Blue

Cross/Blue Shield of North Carolina)

Financial Surveillance (CME)

Apps configurations; IT Risks- plus (HP)

More Best Practices

GL--JEs;

Retail POS for fraud - Aigner

Physical Inventory - Aigner

GP – margin optimization

Pricing – revenue recognition

Old Favorites:

Deterrents

Updated Policies

FCPA

Oversight Systems announce its FCPA &

National Security Risk solution

New modules:

Automated Risk Identification and

Tracking

Global Risk Analysis

Suspicion Index

CM Software Intelligence

Collaborative Reasoning Engines Including and beyond basis data exceptions

Artificial intelligence (IBM Watson)

Benford’s law

Weighted scoring

Inference

Pattern and relationship recognition

Statistical methods