The Business Assurance Professionals Page 1 Business assurance the mature phase in compliance Presentation: dr. Tim Willems Date: February 28, 2006
Apr 01, 2015
The Business Assurance Professionals Page 1
Business assurance
the mature phasein
compliance
Presentation: dr. Tim WillemsDate: February 28, 2006
The Business Assurance Professionals Page 2
Who is Ba-PRO?
Ba-PRO is a Business Assurance Software provider. Headquartered in the Netherlands, development team in Romenia. Founded by dr. Tim Willems, also founder (1995) of BWise, international leading Sarbanes Oxley compliance software provider.
Business Assurance gives company management confidence by continuously
matching relevant business controls against business back office data. Automated detective & preventive controls
Ba-PRO develops dedicated Business Assurance solutions• Fraud management• Sarbanes Oxley compliance• Credit- and Risk management• …
New or existing control documentation in the control framework documents(e.g. Axentis, SAP-MIC, Word, Excell, BWise, Paisley)
Existing real time business data Information available in back office apps (e.g. SAP, Oracle, Baan, Navision, Peoplesoft, propriatary)
Ba-PRORelates documented controls to real time business data •Alert control violations•KPI cockpit•XBRL based reports
Alerts and KPI’s
The Business Assurance Professionals Page 3
Alerts
• Home page– KPI’s – Statistics– Alerts– Framework
The Business Assurance Professionals Page 4
• Control framework– Subsidaries
– Departments
– Processes
– Accounts
– Risks
– Control objectives
– Controls
– Coso
– . . .
Find relevant control info
The Business Assurance Professionals Page 5
XBRL / IFRS / GAAP
• Standards/ XBRL– US Gaap – IFRS– Accounting manual
The Business Assurance Professionals Page 6
Find the right employee
• Who?– Responsible – Accountable– Consulted– Informed
The Business Assurance Professionals Page 7
Solutions: Fraud management
Advantages:
•Fraud is a very hot topic and difficult to prevent / proove that it didn’t happen•Big 4 have admitted difficulties in fraud management•Running Ba-PRO fraud management creates awareness thus reduces risk•No complete competitive solution available•Fraud management consulting partner available (4itrust)•Predefined fraud controls (documented in the control framework)
– smurfing– over value– SOD– vendor relations– private relations– . . .
•Immediate fraud alerts (sometimes even preventive)•Cut back on related cost
– prevention– fraud loss– remediation– good will / shareholder value (> 100.000 at a snap)
The Business Assurance Professionals Page 8
Solutions: Credit management
Advantages:
•Traditional credit management – only focusses on the vendor side– only monitoring of outstanding invoices– only reactive
•Ba-PRO – includes / facilitates customer– full workflow between vendor and clients– dispute resolution– monitoring of outstanding invoices– vendor and client application (hosted)– includes business assurance rules on invoicing and payment process = proactive– ease of integration (SAP agents available)
•Runs on SAP, Oracle and Navision•Improved customer relationship•Cost reduction per invoice•Cost reduction cash managent•Web-enabled (vendor and customer)
The Business Assurance Professionals Page 9
Solutions: Compliance
Advantages:
•Traditional SOX / compliance management – focus on documentation (control framework)– control testing by control self assessment– continuous testing SOD focus
•Ba-PRO – documentation (in Ba-PRO or integrated with third party like SAP-MIC)– XBRL included (ifrs, us-gaap . . .)– continuous testing full compliance = automated and preventive– other templates integrated (Cobit, Coso, FDA, Fraud . . .)– process and data centric– KPI dashboarding (process efficiency)– Agent technology for data integration– flexible (create your own compliance app)– available for all process owners (integrated)
•Cost reduction in compliance•Automated detective and preventive controls•Full Business Assurance (does not stop at SOD or SOX) = Multiple perspective and different portfolioviews
The Business Assurance Professionals Page 10
Business assurance
ComplianceSomeMoreDetail
The Business Assurance Professionals Page 11
Current business issues
Supervisory board: Avoid risks and fraud
Board: Autonomous growth and Acquisitions (integration)
CFO: Finance ongoing operations and growth
Management: Grow revenues and profit, cut back cost
Management: Integrate (regional) business units/companies
Management: Control the business based on real time information
Controller/CFO: Comply with multiple regulations (FDA, SOX, Basel II)
The Business Assurance Professionals Page 12
State of the “Art”
• Risk and control documentation (Sarbanes)(e.g. Axentis, SAP-MIC, Open Pages, BWise, Word, Excel)
• Financial Accounts
• Processes
• Risks
• Controls (and objectives)
• Procedures / documentation
• Control self assessments
• Manual evidence collection
• Expensive reporting structure
• Off line monitoring based on reports
• Separate systems for multiple compliance
• No business assurance
The Business Assurance Professionals Page 13
What most companies miss
Most companies today• only have a partial control framework documented (e.g. Axentis, BWise, Paisley)• don’t have real time monitoring on material events (409) • don’t have real time control testing• don’t have the segregation of duties checks• don’t have Business Assurance• don’t have Risk and Fraud detection systems
In most companies• the board has control documents available but the board lacks real time control
transparancy and steering data (no cockpit)• the CFO wants to avoid mistakes and has to assure the business to create financing
possibilities/improve banking relations• the operational management has to integrate companies quickly to support corporate
transparancy and predictibility (assurance)
The Business Assurance Professionals Page 14
But what are we looking for?
Continuous fraud detection
Real time risk management
KPI monitoring, continuous control (e.g. Sarbanes Oxley 409, real time disclosure)
Transparancy
Integrate transparent and controlled companies
Real time management cockpit
Single documentatioin platform for multiple compliance / reuse information
Platform to facilitate the growth process from detective to preventive controls
The Business Assurance Professionals Page 15
Bob, can we build this?
• 24 * 7 Risk, Fraud and SOD detection to reduce loss
• Real time control monitoring (link controls with real business data)
• Enterprise Risk management (real time risk monitoring)
• 24*7 corporate governance and disclosure (e.g. 409)
• XBRL introduction for ease of reporting & compliance
• Integrated multiple compliance control documentation frameworks (COSO, Cobit, Fraud detection, Basel II)
• Include business processes
• KPI cockpit integrated with control framework to drive control improvements
Yes: Business Assurance
The Business Assurance Professionals Page 16
Clients Return
24*7 risk, fraud and SOD control
Cut back on “remediation after the fact” cost
Offer confidence to shareholders and stakeholders
Reduce financing, auditing and reporting cost
Grow revenues and profit, cut back integration and process cost
Control the business based on real time KPI’s, management cockpit
Platform for growth to automated preventive controls
Comply with mulitple regulations (FDA, SOX, ISO, Basel II)
Maintainable transparancy, back office data integrated with control framework
The Business Assurance Professionals Page 17
Business Assurance cycle
Control Framework
•Axentis
•BWise
•SAP MIC
• . . .
• Ba-PRO
Business assurance rules
• select relevant controls
• set tresholds
• values
• reports
Back office data
• SAP
• Oracle (apps)
• Baan
• Peoplesoft
Assurance
• alerts
• KPI dashboards
• reports (XBRL based)
Improve control
Automated XBRL and XML storage
Agents
Workflow automation
Back office app. improvements
The Business Assurance Professionals Page 18
Business Assurance Data-flow
Alerts & KPI’s
Improveprojects / workflow
Agents
Control framework SAP-MIC-Sarbanes Controls-Fraud detection -IFRS manual- . . .
Business Rules
Data Store Collected data from back office systems stored in
XBRL, XML, XSD
Back office appsSAPOracleNavisionBaanYour own
Ba-PRO
SAP NetweaverAlerts & KPI’s
The Business Assurance Professionals Page 19
• Control framework– Subsidaries
– Departments
– Processes
– Accounts
– Risks
– Control objectives
– Controls
– Coso
– . . .
Find relevant control info
The Business Assurance Professionals Page 20
Alerts
• Dashboards
• Alerts
• Drill down
• Web based
• Personal
The Business Assurance Professionals Page 21
Ready?
Start with available (SOX) Content•Control framework (COSO)•Accounting manual / IAS•Business Rules•Alerts and Dashboards
Integration agents available•SAP•Oracle•Navision
No license investments•Quick start implementation package•Pay per business rule
The Business Assurance Professionals Page 22
GO!Great opportunity to experience how it is feasable to balance risk and controls with business improvements
Pilot•Select Control framework (e.g. SOX, Fraud, Credit . . .)•Test Business Rules•First Control framework, risk management information, Alerts, dashboards available •Evaluate•Continue
Local consulting (Smartview)•Quick-Experienced-Efficient
No sweat•10 days•Dr. Tim Willems
Pilot now and be invited as a member of the Expert team, Amsterdam April 2006 •Amsterdam roundtable 2006 (captains of industry and government roundtable)
The Business Assurance Professionals Page 23
Stay in touch
Dr. Tim Willems
CEO of Ba-PRO
Phone: +31 6 54792099
Klaus Berghoffer
CEO of Smartview (Romenia)
[email protected]: +40 724550570